Securiti launches Gencore AI, a holistic solution to build Safe Enterprise AI with proprietary data - easily
ViewLearn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.
See a demo
The Personal Data Protection Law No. (24) of 2023 (PDPL) is Jordan's primary data privacy legislation. It was enacted to protect the privacy of individual’s personal data and regulate the processing of normal and sensitive personal data related to individuals within Jordan. It applies regardless of when the data was collected or if the data controller is based outside the country. However, it's important to note that the PDPL does not apply to individuals who process personal data for personal use.
The Jordan PDPL became operative on March 17, 2024. However, organizations that process personal data have been provided with a one-year grace period to modify their practices and comply with the new legislative requirements. The grace period will effectively end on March 17, 2025.
The Jordan PDPL establishes the Personal Data Protection Council (Council) as the primary regulatory authority responsible for approving policies, issuing licenses, setting standards, and handling complaints. The Council, supported by The Unit, focuses on regulatory oversight. Both bodies ensure compliance with the PDPL, and the Council also represents Jordan in international data protection matters.
Securiti enables organizations to comply with Jordan’s PDPL through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
Securiti supports enterprises in their journey toward compliance with Jordan’s PDPL through automation, enhanced data visibility, and identity linking.
See how Securiti helps you comply with various sections of Jordan’s PDPL.
PDPL Article: 4(B)(1), 8(F), 11(B)(4), 11(B)(5)
The automation of the processing and handling of secure data access requests will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the data access requests.
PDPL Article: 4(B)(3), 8(E), 11(B)(4), 11(B)(5)
Fulfill data rectification requests seamlessly using automated data subject verification workflows across all appearances of a data subject’s personal data.
PDPL Article: 4(B)(4) 4(B)(6), 8(F).
Build a framework for objections and processing restrictions based on business requirements using collaborative workflows.
PDPL Article: 4(B)(5), 10, 11(B)(4),11B(5).
Fulfill data subjects’ personal data erasure requests swiftly through automated and flexible workflows.
PDPL Article: 4(B)(7), 8(D), 14.
Fulfill data subjects’ personal data portability requests swiftly through automated and flexible workflows.
PDPL Article: 4(B)(2), 8(D), 8(F), 10(A)(2).
Fulfill data subjects’ Opt-out requests swiftly through automated and flexible workflows.
PDPL Article: 4(A) 4(B)(2), 5, 6, 8(F), 9, 10(A)(2), 11(B)(2) 14, 15(A)(5).
Automatically scan the web properties within your organization and create cookie categories according to cookie properties and retention periods. Build customizable cookie consent banners according to the applicable jurisdictional cookie consent requirements.
PDPL Article: 4(A), 4(B)(2), 5, 6, 8(F), 9, 10(A)(2), 11(B)(1), 11(B)(2), 14, 15(A)(5).
Track and honour consent and consent revocation, as well as any changes to data subjects’ preferences concerning the use of their personal data to prevent the transfer or processing of data without their consent.
PDPL Articles: 14 ,15.
Track data flows in your organizations by having a centralized catalog of internal data process flows and flows for data transfer to service providers and other third parties. Maintaining updated records of data processing activities enables you to demonstrate compliance with the applicable legal requirements.
PDPL Article: 14
Track, manage, and monitor privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests, and manage all vendor contracts and compliance documents.
PDPL Article: 4(B)(8), 20(A)
Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.
PDPL Article: 8(A), 8(B), 8(C), 12, 13, 14(E).
Automate security, privacy, and governance functions with an intuitive workflow orchestration engine. Leverage built-in integrations and customizable triggers to streamline operations, reduce costs and improve accuracy.
Right to Access: The data subjects are entitled to view and access their personal data held by the controller, as well as obtain a copy of it.
Right to Withdraw Consent: The PDPL grants data subjects the right to withdraw consent previously given, upon written notice, without affecting the lawfulness of prior processing.
Right to Rectification: The PDPL grants data subjects the right to request corrections, amendments, or updates to their personal data to ensure accuracy.
Right to Restrict/Limit Processing: The PDPL allows data subjects to limit the processing of their personal data to a specific scope or purpose, restricting its use beyond the intended context.
Right to Erasure: The data subjects have the right to request that their personal data be deleted or concealed, subject to the conditions outlined in the law.
Right to Object: The data subjects have the right to object to processing or profiling activities that are unnecessary, excessive, discriminatory, or violate the law.
Right to Data Portability: The data subjects are entitled to obtain a copy of their personal data and transfer it from one controller to another.
The PDPL requires controllers to notify The Unit within 72 hours and affected data subjects within 24 hours of discovering a breach that could cause significant harm.
A controller must appoint a Data Protection Officer (DPO) if its core activities involve processing personal data, sensitive data, data of legally incapacitated persons, financial information, or if it handles data to be transferred outside Jordan.
The Council may also mandate a DPO in other cases.
Under the PDPL, data transfer outside Jordan is generally prohibited unless there is international judicial cooperation, a medical emergency, or the data subject consents after being informed of the inadequate protection level.
Penalties for PDPL violations range from 1,000 to 10,000 dinars and double for repeat offenses. Article 22(B) of the PDPL also allows for database deletion or data destruction by court order.
The Council has the authority to fully or partially suspend or revoke the offender's license or permit if the breach persists after a warning. Until the violation is remedied, fines of up to 500 dinars per day may be applied, with a maximum cumulative fine of 3% of the violator's yearly income.
The aggrieved party can also file a civil action for damages resulting from a PDPL breach.
The Unit may publicly disclose proven violations at the violator's expense.
At Securiti, our mission is to enable organizations to safely harness the incredible power of Data & AI.
Copyright © 2024 Securiti · Sitemap · XML Sitemap
info@securiti.ai
Securiti, Inc.
300 Santana Row
Suite 450
San Jose, CA 95128
