Breaking News for Companies in the TMT Sector in Qatar
On 23 October 2024, the National Data Privacy Office (“NDPO”) of the Qatar National Cyber Security Agency (“NCSA”) issued Resolution No. 1 of 2024, obliging an unnamed company in the telecommunications and information technology sector to review, update, and develop its administrative, technical, and material precautions and standards for the protection of personal data. The NDPO stated that the company violated several articles of the Personal Data Privacy Protection Law No. 13 of 2016 (“PDPPL”) and the service provider failed to comply with the obligation to protect and process personal data, in contravention of the provisions of PDPPL concerning the obligations of the controller.
The NDPO emphasized the importance of compliance, urging all organizations subject to the PDPPL to fully adhere to its requirements. It also encouraged these companies to review the official guidelines, which are available to help entities better understand and apply the PDPPL effectively. These guidelines can be accessed online via the NCSA portal.
Resolution No. 1 of 2024 highlights the NDPO’s commitment to ensuring the highest standards of data privacy and security in Qatar, reinforcing the responsibilities of organizations to safeguard personal information in accordance with the PDPPL.
It should be noted that the PDPPL is the primary data protection law in the State of Qatar. However, organizations within the Qatar Financial Centre (“QFC”) are subject to a separate data protection regime, including the QFC Data Protection Regulations and Rules of 2021.
GLA has advised a number of local, regional and international clients on data protection legislation under the State of Qatar, the QFC and across the MENA region. For more information, please contact the authors of this article.
Authors: Dean Jaloudi, Partner and Habiba Wahdan, Associate