With the increasing demand and rapid-paced developments in the technology industry, data privacy has become paramount. Many companies find enormous value in collecting, sharing and using data in their day-to-day business operations. In particular, businesses must ensure compliance with regulations when such data relates to personal data. In brief, data privacy is a branch of data security concerned with proper handling of data, including consent, notice and regulatory obligations.
Qatar was one of first countries in the Middle East to introduce a standalone data protection law: Law No. 13 of 2016 Concerning Personal Data Protection. In addition, the Qatar Financial Centre (QFC), as an independent regulatory jurisdiction, enacted its own Data Protection Regulations (DPR) in 2005. The QFC has recently issued its amended Data Protection Regulations and Data Privacy Rules (New DPR) on 21 December 2021, which will come into force on 19 June 2022.
The amendments aim to bring the existing DPR to the standards of the General Data Protection Regulations 2016/679 (GDPR), which will ultimately oblige businesses operating from the QFC to be more diligent in their data compliance practices. The New DPR also aims to ensure proper monitoring and regulation of QFC firms in the context of data protection. Some of the most significant amendments introduced by the New DPR include:
Aside from the significant financial consequences, there could be reputational damage to businesses that fail to comply with the New DPR. In light of this, QFC firms are encouraged to review the New DPR to ensure that all collection and processing of personal data complies with the New DPR from 19 June 2022. The Data Protection Office will also be providing training, guidance and tools on the New DPR, from which QFC firms can benefit.