Securiti launches Gencore AI, a holistic solution to build Safe Enterprise AI with proprietary data - easily

View

Jordan Personal Data Protection Law

Last Updated on August 27, 2024

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

See a demo
Schedule your demo today

The Personal Data Protection Law No. (24) of 2023 (PDPL) is Jordan's primary data privacy legislation. It was enacted to protect the privacy of individual’s personal data and regulate the processing of normal and sensitive personal data related to individuals within Jordan. It applies regardless of when the data was collected or if the data controller is based outside the country. However, it's important to note that the PDPL does not apply to individuals who process personal data for personal use.

The Jordan PDPL became operative on March 17, 2024. However, organizations that process personal data have been provided with a one-year grace period to modify their practices and comply with the new legislative requirements. The grace period will effectively end on March 17, 2025.

The Jordan PDPL establishes the Personal Data Protection Council (Council) as the primary regulatory authority responsible for approving policies, issuing licenses, setting standards, and handling complaints. The Council, supported by The Unit, focuses on regulatory oversight. Both bodies ensure compliance with the PDPL, and the Council also represents Jordan in international data protection matters.

The solution

Securiti enables organizations to comply with Jordan’s PDPL through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Canada PIPEDA Compliance Solution

Securiti supports enterprises in their journey toward compliance with Jordan’s PDPL through automation, enhanced data visibility, and identity linking.

See how Securiti helps you comply with various sections of Jordan’s PDPL.


 

Automate Data Subject Access Request Handling

PDPL Article: 4(B)(1), 8(F), 11(B)(4), 11(B)(5)

The automation of the processing and handling of secure data access requests will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the data access requests.

PIPEDA dsr portal
Taiwan

Automate the Processing of Data Rectification Requests

PDPL Article: 4(B)(3), 8(E), 11(B)(4), 11(B)(5)

Fulfill data rectification requests seamlessly using automated data subject verification workflows across all appearances of a data subject’s personal data.

Automate Objection and Restriction of Processing Requests

PDPL Article: 4(B)(4) 4(B)(6), 8(F).

Build a framework for objections and processing restrictions based on business requirements using collaborative workflows.

PIPEDA data access request
JPDP data rectify request

Automate Erasure Requests

PDPL Article: 4(B)(5), 10, 11(B)(4),11B(5).

Fulfill data subjects’ personal data erasure requests swiftly through automated and flexible workflows.

Automate Portability Requests

PDPL Article: 4(B)(7), 8(D), 14.

Fulfill data subjects’ personal data portability requests swiftly through automated and flexible workflows.

PIPEDA data erasure request
PIPEDA personal data monitoring tracking

Automate Withdrawal of Consent

PDPL Article: 4(B)(2), 8(D), 8(F), 10(A)(2).

Fulfill data subjects’ Opt-out requests swiftly through automated and flexible workflows.

Meet Cookie Compliance

PDPL Article: 4(A) 4(B)(2), 5, 6, 8(F), 9, 10(A)(2), 11(B)(2) 14, 15(A)(5).

Automatically scan the web properties within your organization and create cookie categories according to cookie properties and retention periods. Build customizable cookie consent banners according to the applicable jurisdictional cookie consent requirements.

PIPEDA people data graph
Taiwan

Monitor and Track Consent

PDPL Article: 4(A), 4(B)(2), 5, 6, 8(F), 9, 10(A)(2), 11(B)(1), 11(B)(2), 14, 15(A)(5).

Track and honour consent and consent revocation, as well as any changes to data subjects’ preferences concerning the use of their personal data to prevent the transfer or processing of data without their consent.

Map Data Flows

PDPL Articles: 14 ,15.

Track data flows in your organizations by having a centralized catalog of internal data process flows and flows for data transfer to service providers and other third parties. Maintaining updated records of data processing activities enables you to demonstrate compliance with the applicable legal requirements.

Taiwan
Taiwan

Manage Vendor Risk

PDPL Article: 14 

Track, manage, and monitor privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests, and manage all vendor contracts and compliance documents.

Automate Breach Response Notification

PDPL Article: 4(B)(8), 20(A)

Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.

Taiwan
PIPEDA Vendor Risk Management

Automate Security Controls

PDPL Article: 8(A), 8(B), 8(C), 12, 13, 14(E).

Automate security, privacy, and governance functions with an intuitive workflow orchestration engine. Leverage built-in integrations and customizable triggers to streamline operations, reduce costs and improve accuracy.

Key Rights Under Jordan PDPL

Right to Access: The data subjects are entitled to view and access their personal data held by the controller, as well as obtain a copy of it.

Right to Withdraw Consent: The PDPL grants data subjects the right to withdraw consent previously given, upon written notice, without affecting the lawfulness of prior processing.

Right to Rectification: The PDPL grants data subjects the right to request corrections, amendments, or updates to their personal data to ensure accuracy.

Right to Restrict/Limit Processing: The PDPL allows data subjects to limit the processing of their personal data to a specific scope or purpose, restricting its use beyond the intended context.

Right to Erasure: The data subjects have the right to request that their personal data be deleted or concealed, subject to the conditions outlined in the law.

Right to Object: The data subjects have the right to object to processing or profiling activities that are unnecessary, excessive, discriminatory, or violate the law.

Right to Data Portability: The data subjects are entitled to obtain a copy of their personal data and transfer it from one controller to another.

Facts Related to Jordan PDPL

1

The PDPL requires controllers to notify The Unit within 72 hours and affected data subjects within 24 hours of discovering a breach that could cause significant harm.

2

A controller must appoint a Data Protection Officer (DPO) if its core activities involve processing personal data, sensitive data, data of legally incapacitated persons, financial information, or if it handles data to be transferred outside Jordan. 

3

The Council may also mandate a DPO in other cases.

4

Under the PDPL, data transfer outside Jordan is generally prohibited unless there is international judicial cooperation, a medical emergency, or the data subject consents after being informed of the inadequate protection level.

5

Penalties for PDPL violations range from 1,000 to 10,000 dinars and double for repeat offenses. Article 22(B) of the PDPL also allows for database deletion or data destruction by court order.

6

The Council has the authority to fully or partially suspend or revoke the offender's license or permit if the breach persists after a warning. Until the violation is remedied, fines of up to 500 dinars per day may be applied, with a maximum cumulative fine of 3% of the violator's yearly income.

7

The aggrieved party can also file a civil action for damages resulting from a PDPL breach.

8

The Unit may publicly disclose proven violations at the violator's expense.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report

Videos

View More

Mitigating OWASP Top 10 for LLM Applications 2025

Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...

View More

DSPM vs. CSPM – What’s the Difference?

While the cloud has offered the world immense growth opportunities, it has also introduced unprecedented challenges and risks. Solutions like Cloud Security Posture Management...

View More

Top 6 DSPM Use Cases

With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...

View More

Colorado Privacy Act (CPA)

What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...

View More

Securiti for Copilot in SaaS

Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...

View More

Top 10 Considerations for Safely Using Unstructured Data with GenAI

A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....

View More

Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes

As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...

View More

Navigating CPRA: Key Insights for Businesses

What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...

View More

Navigating the Shift: Transitioning to PCI DSS v4.0

What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...

View More

Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)

AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...

Spotlight Talks

Spotlight 47:42

Cybersecurity – Where Leaders are Buying, Building, and Partnering

Rehan Jalil
Watch Now View
Spotlight 46:02

Building Safe Enterprise AI: A Practical Roadmap

Watch Now View
Spotlight 13:32

Ensuring Solid Governance Is Like Squeezing Jello

Watch Now View
Spotlight 40:46

Securing Embedded AI: Accelerate SaaS AI Copilot Adoption Safely

Watch Now View
Spotlight 10:05

Unstructured Data: Analytics Goldmine or a Governance Minefield?

Viral Kamdar
Watch Now View
Spotlight 21:30

Companies Cannot Grow If CISOs Don’t Allow Experimentation

Watch Now View
Spotlight 2:48

Unlocking Gen AI For Enterprise With Rehan Jalil

Rehan Jalil
Watch Now View
Spotlight 13:35

The Better Organized We’re from the Beginning, the Easier it is to Use Data

Watch Now View
Spotlight 13:11

Securing GenAI: From SaaS Copilots to Enterprise Applications

Rehan Jalil
Watch Now View
Spotlight 47:02

Navigating Emerging Technologies: AI for Security/Security for AI

Rehan Jalil
Watch Now View

Latest

View More

Accelerating Safe Enterprise AI with Gencore Sync & Databricks

We are delighted to announce new capabilities in Gencore AI to support Databricks' Mosaic AI and Delta Tables! This support enables organizations to selectively...

View More

Building Safe, Enterprise-grade AI with Securiti’s Gencore AI and NVIDIA NIM

Businesses are rapidly adopting generative AI (GenAI) to boost efficiency, productivity, innovation, customer service, and growth. However, IT & AI executives—particularly in highly regulated...

Key Differences from DLP & CNAPP View More

Why DSPM is Critical: Key Differences from DLP & CNAPP

Learn about the critical differences between DSPM vs DLP vs CNAPP and why a unified, data-centric approach is an optimal solution for robust data...

DSPM Trends View More

DSPM in 2025: Key Trends Transforming Data Security

DSPM trends in 2025 provides a quick glance at the challenges, risks, and best practices that can help security leaders evolve their data security...

The Future of Privacy View More

The Future of Privacy: Top Emerging Privacy Trends in 2025

Download the whitepaper to gain insights into the top emerging privacy trends in 2025. Analyze trends and embed necessary measures to stay ahead.

View More

Personalization vs. Privacy: Data Privacy Challenges in Retail

Download the whitepaper to learn about the regulatory landscape and enforcement actions in the retail industry, data privacy challenges, practical recommendations, and how Securiti...

Nigeria's DPA View More

Navigating Nigeria’s DPA: A Step-by-Step Compliance Roadmap

Download the infographic to learn how Nigeria's Data Protection Act (DPA) mapping impacts your organization and compliance strategy.

Decoding Data Retention Requirements Across US State Privacy Laws View More

Decoding Data Retention Requirements Across US State Privacy Laws

Download the infographic to explore data retention requirements across US state privacy laws. Understand key retention requirements and noncompliance penalties.

Gencore AI and Amazon Bedrock View More

Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock

Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...

DSPM Vendor Due Diligence View More

DSPM Vendor Due Diligence

DSPM’s Buyer Guide ebook is designed to help CISOs and their teams ask the right questions and consider the right capabilities when looking for...

What's
New