Data Privacy Law Guidelines Issued
February 24, 2021
By: Michael Earley, Legal Manager
On the occasion of Data Privacy Day the Ministry of Transportation and Communication (“MOTC”) announced that its Compliance and Data Protection Department had released guidelines (“Guidelines”) regarding Law No. 13 of 2016 (“Data Privacy Law”).
The Guidelines apply to any organisation or entity that processes personal data whether through electronic means or in combination with non-electronic means. The Guidelines set out the obligations of regulated entities when acting as a controller or processor of personal data. They also include specific rights that individuals have in respect of their personal data including how to file complaints and granting consent for data processing.
Offering an impressive array of information that clarifies many elements of the Data Privacy Law, the Guidelines include the following documents for regulated entities:
- A Personal Data Breach Form;
- Sensitive Personal Data Permission Request Form – this is particularly important as until now it was not entirely clear how a regulated entity would receive permission to process this sort of data);
- Guidelines for Controller and Processors;
- Data Privacy by Design and by Default Guidelines;
- Guidance on Direct Marketing Electronic Communications;
- Competent Authorities Exemptions to the Data Privacy Law;
- Guidelines for conducting a Data Privacy Risk Assessment; and
- Guidelines for Individuals’ Rights, among others.
There is a separate section covering the Guidelines for individuals.
The Guidelines may be found here: https://compliance.qcert.org/en/library/privacy