Personal data refers to an individual’s smart card number or mobile phone number, along with sensitive personal information such as race, ethnicity, political views, religious beliefs, union affiliation, criminal record or any data related to health matters.
The new law is due to come into force today, however, no official announcement has been made about the implementation or the setting up of the Personal Data Protection Authority, which will be tasked with regulating the sector and investigating violations.
“While the authority is yet to be formed, the requirement for compliance doesn’t get impacted as the new law is a nationwide law that has been enacted by a Royal decree,” said KPMG Bahrain risk consulting partner and head Jeyapriya Partiban.
“All organisations in Bahrain will need to be aware of the requirements and specific stipulations of the law and will need to ensure that appropriate processes and protocols are in place to protect the personal and sensitive data of all their stakeholders.”
Ms Partiban said the new law was specific in terms of protection, privacy requirements and disclosure approach.
“Whilst a few organisations in Bahrain have embarked on the implementation of the law, the wider market has yet to come to terms with firstly acknowledging the law and secondly meeting the compliance requirement,” she added.
The PDPL applies to those living and working in Bahrain, local businesses and people who do not reside here but have their data processed from Manama.
Ms Partiban explained that personal data privacy was increasingly becoming a global concern, with major corporations being impacted by this both in financial and operational terms.
“Every data subject in Bahrain has the right to know what personal and sensitive data relevant to them is being collected and what it is being processed for,” said Ms Partiban.
“They also have the right to ensure accuracy of the information and where and for how long it is being stored.
“Most organisations in Bahrain still do not fully appreciate the impact of non-compliance and privacy breach on both individuals and organisations, which is even more critical given the increasing reach of Bahrain businesses globally.”
Businesses in Bahrain will need to adapt to the new compliance requirements that include consents and permissions for handling and storing data. The law stipulates severe penalties, including criminal liabilities for non-compliance, with up to one year in prison and/or a fine of between BD1,000 and BD20,000.
“Individuals can lodge complaints regarding unfair or unlawful data processing practices to the competent authority and may be able to claim compensation for damages suffered as a result of data processing or breaches of the law,” said Dino Wilkinson, partner and head of the Middle East technology, media and telecommunications practice at global law firm Clyde & Co.
“Adapting to the new standards of compliance with the PDPL will be a substantial challenge and businesses will need to develop a culture of data protection within their organisations.”
Details about the new authority are still unclear but according to the law its board should comprise representatives from the Central Bank of Bahrain, the Telecommunications Regulatory Authority and the Bahrain Chamber of Commerce and Industry.
A number of other countries have adopted similar laws, such as the General Data Protection Regulation implemented by the European Union.
© Copyright 2019 www.gdnonline.com
Copyright 2019 Al Hilal Publishing and Marketing Group Provided by SyndiGate Media Inc. (Syndigate.info).