The Law on the Protection of Personal Data was issued in Official Gazette No. 1429, as per Oman’s Ministry of Information. The legislation establishes multiple data subject rights. The Ministry of Transport, Information Technology, and Communications will have sole enforcing power and authority and will be entrusted with developing rules. The PDPL is scheduled to commence one year after the issue date, which implies that it will go into force on February 9, 2023. The executive rules that will support the law are likely to be produced within this time frame.
The new law is part of a more significant new data protection regulations trend throughout the Middle East. It overturns and substitutes Chapter Seven of the Electronic Transactions Law (Royal Decree No. 69/2008), which contained limited rules on the safeguarding of personal information in electronic interactions and any other legal regulations that interfere with the data protection law. PDPL applies to personal data management, which is identified as and comprises an individual’s name, electronic identifiers, civil number, or elements particular to a person’s social, genetic, cultural, physical, mental, or economic identity.
During the time preceding the PDPL’s implementation, the MTCIT may issue further information and recommendations on topics such as the methods and procedures for gaining regulatory permission or disclosing breaches. All businesses engaged in Oman should begin analysing their activities and revising company policies and processes to align with the PDPL as soon as possible. Supervisors will need to teach personnel about the PDPL’s fundamental principles and requirements, and they will need time to ascertain that a data protection ethic is properly-established inside the organisation.
-Adv. Sabrina Bath
(Content Writer, WCSF)