'Most Innovative Startup 2020' by RSA - Watch the videoLearn More
Qatar is the first gulf country that has passed a national data privacy law and has paved the way for all other gulf countries to follow suit. In 2016, Qatar enacted Law no. 13 Concerning Personal Data Protection (the “DPL”). Qatar became the first Gulf Cooperation Council (GCC) member state to issue an “European Style” applicable data protection law. The DPL establishes a certain degree of personal data protection, provides data subject rights, and prescribes the guidelines for organizations for the processing of personal data within Qatar.
Furthermore, on 31 January 2021, the Ministry of Transport and Communications (the “MOTC”) released a new set of guidelines on the DPL for regulated organizations as well as guidelines for data subjects.
SECURITI enables organizations to comply with the Qatar DPL through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
See how our comprehensive PrivacyOps platform helps you comply with various articles of the Qatar DPL.
Create customized web forms according to your brand image with the DSR request format and accept verified data subject rights requests. Automate the initiation of fulfillment workflows when verified requests are received.
Articles: 6, 7, 11(6), 21
Data subjects need to be notified about their data privacy rights and organizations are required to simplify the initiation of verified DSR requests. The automation of the delivery and generation of secure data access reports will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the requests.
Articles: 6, 21
Disclosure of information to the data subjects within a limited time frame of receiving a verifiable data request is a must for any organization looking to comply. This will be free of charge and delivered through a secure, centralized portal.
With the help of automated data subject verification workflows across all appearances of a subject’s personal data, you can seamlessly fulfill all data rectification requests.
Fulfill data subject’s’ erasure requests, swiftly, through automated and flexible workflows.
Create a framework for restriction and objection of processing handling based on business requirements, with collaborative workflows.
Articles: 2, 10, 8, 11(7), 22,
Keep track of risks involved by continuously scanning and monitoring data against non-compliance to subject rights, security controls, or data residency.
Discover personal information stored across all your internal and external systems within the organization and link them back to a unique data subject. Also, visualize personal data sprawl and identify compliance risks.
Articles: 4, 5(1), 17
Automatically scan the web properties within your organization, categorizing tags, and cookies. Also, build customizable cookie banners, collect consent, and provide a preference center.
Articles: 4, 5(1), 17, 19(3)
Track consent revocation of data subjects to prevent the transfer or processing of data without their consent. Seamlessly demonstrate consent compliance to regulators and data subjects.
Articles: 2, 8-13
With the help of our multi-regulation, collaborative, readiness, and privacy impact assessment system, you can gauge your organization's posture against Qatar DPL requirements, identify the gaps, and address the risks. Seamlessly being able to expand assessment capabilities across your vendor ecosystem to maintain compliance against Qatar DPL requirements.
Articles: 23, 24, 25
Track data flows in your organizations, trace this data, catalog, transfer, and document business process flows internally and to service providers or third parties.
Articles: 15, 12
Keep track of privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests and deletions, and manage all vendor contracts and compliance documents.
Articles: 11(5), 14
Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.
Organizations can process personal data only after obtaining the consent from the data dubjects. The DPL provides data subjects the right to withdraw their prior consent for the processing of personal data.
Data subjects have the right to access and obtain the copy of the personal data. They can also apply to review their personal data.
Data subjects have the right to request corrections to the personal data. A correction request shall be accompanied with proof of the accuracy of such request.
Data subjects have the right to be notified of processing the personal data and the purposes for which such processing is conducted.
Data subjects have the right to object to processing of the personal data if such processing is not necessary to achieve the purposes for which such personal data have been collected or where such collected personal data are beyond the extent required, discriminatory, unfair or illegal.
Data subjects can request omission or erasure of the personal data upon cessation of the purpose for which the processing has been conducted, or where all justifications for maintaining such personal data by the organization cease to exist.
The DPL incorporates concepts familiar from other international privacy frameworks to protect a consumer's personal data.
Under the DPL, a data controller is responsible for identifying all parties who process personal data on its behalf.
In Qatar, the Compliance and Data Protection department (the “CDP”)at MoTC is responsible for the enforcement of the DPL. .
The MoTC can also impose fines of up to QAR 5 million (US$1.4 million) for violations of certain provisions of the DPL.
There is currently no obligation for organizations in Qatar to appoint a data protection officer under the DPL.