Gulf data privacy regulators build enforcement powers

Data Protection Authorities in the Gulf are building towards stronger data privacy regulations and improved data law enforcement, following the introduction of the EU’s General Data Protection Regulation last year.

Quatar is standing out from other GCC (Gulf Cooperation Council) nations after launching its Privacy and Protection of Personal Data Law in 2016, while Bahrain introduced new data protection laws at the start of August 2019.

United Arab Emirates is due to bring in similar legislation later this year. Saudi Arabia following suit in 2020 leaves only Oman and Kuwait to implement stronger data laws.

Director for digital trust at PwC, Phil Mennie has underlined how the advent of the GDPR has sparked a huge increase in the demand for data privacy experts.

“We are seeing a lot of changes across the GCC region and a lot of privacy laws are coming in,” he said.

“Large organisations are impacted by the GDPR but we observed, unlike in Europe where privacy has been a topic for a very long time, in the Middle East there is a lower understanding of how privacy impacts organisations,” Mennie added, before highlighting how Gulf companies are finding ways to be creative with data analytics to tap into new revenue channels.

A PwC survey found that 89% of customers polled avoid relying on businesses that do not treat data privacy as a priority, while 87% of CEOs feel that the absence of adequate privacy protections over personal data constitutes a risk within their organisation.

Other research by Cybersecurity Ventures, found cyber-attacks to be the fastest-growing crime. More alarmingly, the study found that cyber-attacks are increasing in magnitude and sophistication, pushing up the amount of money firms have to spend to fully recover.

By 2021, cyber-crime is anticipated to create a global bill of $6 trillion, a 100% increase on costs incurred by cyber-crime in 2015. Meanwhile, the cyber-security market is expected to grow by 12-15% year-on-year growth as we go through 2021.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/