Securiti Named a 2022 Cool Vendor in Data Security by Gartner

Download Now

Oman’s Personal Data Protection Law

Operationalize Oman’s Privacy Act Compliance with the most comprehensive PrivacyOps platform.

Download the book today!

PrivacyOps - Automation & Orchestration for Privacy Compliance
Download Book
Available in PDF

Oman’s Personal Data Protection Law (Oman’s PDPL) has been published in the country’s official gazette, and it will come into force by February 9, 2023, one year after its issuance which was February 9, 2022. The law applies to any natural person’s personal data including but not limited to their name, location data, identification number, and health-related information. Oman’s PDPL defines personal data as “data that identifies a natural person or makes him identifiable, directly or indirectly, by reference to one or more identifiers”.

Furthermore, additional regulations regarding the obligation of controllers, external auditors, as well as processors including their roles and functions is expected to be issued in due course.

The Solution

Securiti enables organizations to ensure seamless compliance with Oman’s Personal Data Protection Law with its AI-driven data discovery, DSR automation, universal consent management, autonomous documented accountability, data breach management, and data sovereignty.

securiti dashboard

Securiti supports enterprises in their journey towards compliance with Oman’s Personal Data Protection Law through automation, enhanced data visibility, and identity linking.

See how our comprehensive PrivacyOps platform helps you comply with various sections of Oman’s PDPL.


 

dsr portal

Customize a data subject rights request portal for seamless customer care

Create personalized web forms according to your brand style guide with the DSR request format and accept verified data subject rights requests. Automate the initiation of fulfillment workflows when verified requests are received.

Assess Oman’s PDPL Readiness

Articles: 2, 3; Chapter: 4

With the help of our multi-regulation, collaborative, readiness, and personal data impact assessment system, you can gauge your organization's posture against Oman’s PDPL, identify the gaps, and address the risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance.

Assess GDPR readiness
dsr handling

Automate consumer data request handling

Articles: 10, 11

Data subjects have the right to be informed of the use of their personal information and access their data held by an organization. For this purpose, organizations must simplify the initiation of verified DSR requests. Automating the delivery and generation of secure data access reports will significantly reduce the risk of compliance violations and reduce the workforce required to comply with all the requests.

Secure fulfillment of data access requests

Article: 11(c)(d)

Disclosure of information to the data subject within a limited time frame of receiving a verifiable data request is a must for any organization looking to comply. This will be free of charge and delivered through a secure, centralized portal.

data access request
data rectify request

Automate the processing of rectification requests

Articles: 8(b), 11(b)

With the help of automated data subject verification workflows across all appearances of a data subject's personal information, you can seamlessly fulfill all data rectification requests.

Automate erasure/destroy/anonymize requests

Articles: 8(b), 11(e)

Fulfill data subjects' erasure/destroy/anonymize requests swiftly through automated and flexible workflows.

data erasure request
processing request

Automate object and restriction of processing requests

Articles: 8(c), 11(b)

Build a framework for de-indexation, and restriction of processing handling based on business requirements, with the help of collaborative workflows.

Meet cookie compliance

Articles: 6, 10, 11(a), 22

Automatically scan the web properties within your organization, categorizing tags and cookies. Also, build customizable cookie banners, collect consent, and provide a preference center.

cookie consent
consent preference management

Monitor and track consent

Articles: 6, 10, 11(a), 22

Track consent revocation of data subjects to prevent the transfer or processing of PI without their consent. Seamlessly demonstrate consent compliance to regulators and data subjects.

Automate data breach response notifications

Articles: 11(f), 19

Automates compliance actions and breach notifications to concerned stakeholders about security incidents by leveraging a knowledge database on security incident diagnosis and response.

breach response notification
manage vendor risk

Manage vendor risk

Articles: 13, 15

Keep track of privacy and security readiness for all your service providers and processors from a single interface. Collaborate instantly with vendors, automate data requests and deletions, and manage all vendor contracts and compliance documents.

Map data flows (cross border data transfers) and generate RoPA reports

Articles: 17, 18, 23

Instantly trace, manage, and monitor data flows on a single interface. Get comprehensive visibility by generating reports of all data points, cross-border data transfers, vendor contracts, and compliance records.

map data flows

Privacy policy and notice management

Article: 14

Dynamically update privacy policies and notices to comply with Oman’s PDPL. Automate how you publish your privacy notices with the help of pre-built templates to make the process faster. Also, enable centralized management by tracking and monitoring privacy notices to maintain compliance.

Key Rights Under Oman’s PDPL

Here are some critical data subject rights that are guaranteed under Oman’s PDPL:

Right to be Informed : The data owner has the right to be informed about the purpose of collection and processing of their personal data by the data controller.

Right to Access : The data owner shall request the data controller for a copy of their processed personal data.

Right to Amend/Update/Block : The data owner shall request the data controller to update, amend, or block their personal data from further processing.

Right to Erasure : The data owner shall request the data controller to erase their personal data unless the processing is essential for documentation or national preservation purposes.

Right to Revoke Consent : The data owner has the right to revoke their consent but without any biased towards the processing, occurred before the cancellation.

Right to Data Portability : The data owner shall request the data controller to transfer their personal data to another data controller.

Facts related to Oman’s PDPL

1

Oman’s PDPL restricts the processing of personal data of a child without the consent of their guardian unless the processing is in the best interest of the child. However, proper controls and procedures should be in place as and in accordance with the regulation.

2

The law will be regulated and implemented by the Minister of Transport, Communications and Information Technology (MTCIT) which will act as the regulatory authority.

3

Similar to most other global data protection regulations, Oman’s PDPL also requires the data controller and processor to create and maintain records of processing activities (RoPA).

4

PDPL requires data controllers and processors to have the written and exclusive consent of the data subject for processing their PD for marketing and commercial purposes.

5

PDPL defines a set of pre-defined obligations for data controllers and processors that they must oblige to for PD processing, such as determining the risk that could arise with the processing of PD, establishing controls and procedures for data transfer, etc.

6

Oman’s PDPL defines varying penalties in accordance with the regulations stated under Article 25 to Article 30, and thus, the penalty may vary from OMR 500 to OMR 100,000.

Solutions

Systems

Newsletter


Securiti PrivacyOps Named a Leader in The Forrester WaveTM

View