Qatar Locks in Protection with New Data Privacy Law

In response to decreases in the price of oil and gas, the GCC finance ministers have signed a Value Added Tax (“VAT”) agreement which will impose new taxes on certain items and services. Neither Qatar’s officials nor the Shura Counsel (parliament) have publicized specific details related to the upcoming VAT regulations. However, it is understood that certain food products, education services, and most of the healthcare sector will be exempted from VAT. The new VAT regime is expected to be introduced not later than 2018.

Although Qatar has made stride in diversifying its economy, it still mostly depends on the income generated from oil and gas, and accordingly is seeking to enact VAT regulations and reform its fiscal programs quickly in order to secure stable governmental revenue in light of the deficits it has recently experienced.

While there is no doubt that a VAT regime would boost the state’s takings, it remain unclear how new taxes will affect the state’s business economy. Currently, Qatar Law No. 21 of 2009 imposes a 10% corporate income tax, subject to exemptions. The relatively low tax rate has made Qatar an appealing local for potential investors. However, the introduction of a VAT regime could potentially cause potential and existing investors to re-examine their business models.

While the introduction of VAT is not expected until 2018, experts are already analyzing the potential impact of such a change in policy. Of considerable concern if the impact the introduction of VAT would have on SMEs should the State decide not to exempt them from certain forms of taxation. Many smaller investors, especially in the SME sector, would likely have difficulty if they were required to pay high VAT rates, together with the 10% corporate income tax. Furthermore, the recruitment of unskilled labour may become more difficult as the cost of living increases as a result of VAT.

Does this then mean that Qatar is shifting from its previous generous subsidizing country to a taxing region? The answer to this question remains to be seen, and will ultimately depend on the reaction to the new tax regime by businesses and individuals. As no specific regulations have been circulated to date, the majority of the population has adopted a “wait and see” approach to the proposed VAT regime.

To learn more, contact the author:

Michael Earley

The State of Qatar will be the first in the GCC to enact a national level regime that specifically addresses data protection and privacy matters. Law No. 13 of 2016 Concerning Privacy and Protection of Personal Data (“Data Privacy Law”), visit this aims to set minimum levels of protection for personal data within the country. Issued in November 2016, unhealthy
the Data Privacy Law takes effect from the date of publication in the Official Gazette which is expected to be next year. The Data Privacy Law primarily applies to electronically processed information setting out guidelines for the tech sector on issues relating to marketing communications and the protection of the personal data of individuals and minors.

Regarding individual privacy, Article 22 of the Data Privacy Law prohibits certain forms of direct electronic marketing. The use of ‘spam’ messaging without obtaining an individual’s prior consent or failing to offer an opt-out feature from future communications could result in fines of up to Qatari Riyals (“QR”) 1 million for violators. Specific restrictions also safeguard the information of minors by requiring certain policies for websites directed at children. Article 17 requires parent or guardian consent where a minor’s personal data is to be collected. Moreover, individuals have the right to give or withdraw consent at any time in relation to the processing of their personal data. Certain types of sensitive personal data such as criminal or medical records may also only be processed with the permission of the Ministry of Transport and Communications.

Not surprisingly with cyber related hacking incidents increasing around the MENA region, Qatar’s Data Privacy Law also places restrictions on businesses, requiring them to ensure that sufficient action is taken to protect the privacy of personal data. For example, the law stipulates that companies should train their data processing staff to a high standard, take measures to protect personal data from being illegally accessed or damaged, and periodically conduct audits. Companies failing to adhere to the requirements of the Data Protection Law could be subject to fines of up to QR 5 million. Subject to any extensions, businesses will have a grace period of six months from the effective date of the Data Protection Law to ensure that they comply with its requirements.

Interestingly, Article 18 of the law includes exemptions from such obligations in circumstances involving the protection of national security, or matters relating to the economic or financial state of the country, and (perhaps controversially) in the prevention or investigation of a crime.

Having been in the works since 2011, the Data Privacy Law is a step toward ensuring that personal data is protected from unauthorized access and/or hacking. As a relatively new and untested piece of legislation, businesses are already considering the changes in business practices that will be required in order to comply with the law’s requirements.

To learn more, contact the author:

Michael Earley