'Most Innovative Startup 2020' by RSA - Watch the video

Learn More

Qatar DPL

Download the book today!

PrivacyOps - Automation & Orchestration for Privacy Compliance
Download Book
Available in PDF

Qatar is the first gulf country that has passed a national data privacy law and has paved the way for all other gulf countries to follow suit. In 2016, Qatar enacted Law no. 13 Concerning Personal Data Protection (the “DPL”). Qatar became the first Gulf Cooperation Council (GCC) member state to issue an “European Style” applicable data protection law. The DPL establishes a certain degree of personal data protection, provides data subject rights, and prescribes the guidelines for organizations for the processing of personal data within Qatar.

Furthermore, on 31 January 2021, the Ministry of Transport and Communications (the “MOTC”) released a new set of guidelines on the DPL for regulated organizations as well as guidelines for data subjects.

The solution

SECURITI enables organizations to comply with the Qatar DPL through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

securiti dashboard

SECURITI supports enterprises in their journey toward compliance with the Qatar DPL through automation, enhanced data visibility, and identity linking.

See how our comprehensive PrivacyOps platform helps you comply with various articles of the Qatar DPL.


 

Customize a data subject rights request portal for seamless customer care

Create customized web forms according to your brand image with the DSR request format and accept verified data subject rights requests. Automate the initiation of fulfillment workflows when verified requests are received.

dsr portal
dsr handling

Automate data subject access request handling

Articles: 6, 7, 11(6), 21

Data subjects need to be notified about their data privacy rights and organizations are required to simplify the initiation of verified DSR requests. The automation of the delivery and generation of secure data access reports will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the requests.

Secure fulfillment of data access

Articles: 6, 21

Disclosure of information to the data subjects within a limited time frame of receiving a verifiable data request is a must for any organization looking to comply. This will be free of charge and delivered through a secure, centralized portal.

data access request
data rectify request

Automate processing of rectification requests

Article: 5(4)

With the help of automated data subject verification workflows across all appearances of a subject’s personal data, you can seamlessly fulfill all data rectification requests.

Automate erasure requests

Article: 5(3)

Fulfill data subject’s’ erasure requests, swiftly, through automated and flexible workflows.

data erasure request
processing request

Automate objection and restriction of processing requests

Article: 5(2)

Create a framework for restriction and objection of processing handling based on business requirements, with collaborative workflows.

Continuous monitoring and tracking

Articles: 2, 10, 8, 11(7), 22,

Keep track of risks involved by continuously scanning and monitoring data against non-compliance to subject rights, security controls, or data residency.

personal data monitoring tracking
personal information data linking

Automate People Data Graph

Discover personal information stored across all your internal and external systems within the organization and link them back to a unique data subject. Also, visualize personal data sprawl and identify compliance risks.

Meet cookie compliance

Articles: 4, 5(1), 17

Automatically scan the web properties within your organization, categorizing tags, and cookies. Also, build customizable cookie banners, collect consent, and provide a preference center.

cookie consent
consent preference management

Monitor and track consent

Articles: 4, 5(1), 17, 19(3)

Track consent revocation of data subjects to prevent the transfer or processing of data without their consent. Seamlessly demonstrate consent compliance to regulators and data subjects.

Assess Qatar DPL readiness

Articles: 2, 8-13

With the help of our multi-regulation, collaborative, readiness, and privacy impact assessment system, you can gauge your organization's posture against Qatar DPL requirements, identify the gaps, and address the risks. Seamlessly being able to expand assessment capabilities across your vendor ecosystem to maintain compliance against Qatar DPL requirements.

Assess GDPR readiness
map data flows

Map data flows

Articles: 23, 24, 25

Track data flows in your organizations, trace this data, catalog, transfer, and document business process flows internally and to service providers or third parties.

Manage vendor risk

Articles: 15, 12

Keep track of privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests and deletions, and manage all vendor contracts and compliance documents.

manage vendor risk
breach response notification

Breach Response Notification

Articles: 11(5), 14

Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.

5 key data subject rights encoded within PDPA

Right to withdraw consent

Organizations can process personal data only after obtaining the consent from the data dubjects. The DPL provides data subjects the right to withdraw their prior consent for the processing of personal data.

Right to Access

Data subjects have the right to access and obtain the copy of the personal data. They can also apply to review their personal data.

Right to Rectification

Data subjects have the right to request corrections to the personal data. A correction request shall be accompanied with proof of the accuracy of such request.

Right to be Notified

Data subjects have the right to be notified of processing the personal data and the purposes for which such processing is conducted.

Right to Object

Data subjects have the right to object to processing of the personal data if such processing is not necessary to achieve the purposes for which such personal data have been collected or where such collected personal data are beyond the extent required, discriminatory, unfair or illegal.

Right to Erasure

Data subjects can request omission or erasure of the personal data upon cessation of the purpose for which the processing has been conducted, or where all justifications for maintaining such personal data by the organization cease to exist.

Facts related to Qatar DPL

1

The DPL incorporates concepts familiar from other international privacy frameworks to protect a consumer's personal data.

2

Under the DPL, a data controller is responsible for identifying all parties who process personal data on its behalf.

3

In Qatar, the Compliance and Data Protection department (the “CDP”)at MoTC is responsible for the enforcement of the DPL. .

4

The MoTC can also impose fines of up to QAR 5 million (US$1.4 million) for violations of certain provisions of the DPL.

5

There is currently no obligation for organizations in Qatar to appoint a data protection officer under the DPL.