Middle East and Africa Regions


    • Personal Data Protection Law (Data Protection Law) No. 30/18
    • Constitution of Bahrain 2002 provides citizens with a right to privacy, including confidentiality relating to postal, telegraphic, telephone and electronic communications *
    • Amiri Decree No. 15 of 1976 with respect to the Penal Code, protects individuals’ right to privacy with provisions allowing sanctions against those who disclose information without consent from the concerned person
    • Legislative Decree No. 9 of 1984 with respect to Central Population Register, prohibits divulging demographic information and imposes sanctions against those who disclose information without the consent from the concerned person
    • Legislative Decree No. 54 of 2018 with respect to Electronic Letters and Transactions, which will come into force on February 1, 2019, protects the confidentiality of electronic records
    • Legislative Decree No. 48 of 2002 with respect to Telecommunications, prohibits divulging confidential information
    • Decree No. 64 of 2006 with respect to the Central Bank of Bahrain and Financial Institutions Law, contains provisions relating to confidential information and disclosing such information
    • Resolution No. 8 of 2009 with respect to Licensees to implement Lawful Access, protects the subscriber’s right to privacy in the telecommunications services domain
    • Consumer Protection Guidelines Reference No. CCA/1112/451 (December 29, 2011), contains provisions on consumer privacy relating to personal information and calling patterns
    • Law No. 35 of 2012 with respect to Consumer Protection, protects consumer privacy to maintain personal information and keep it from being exploited for other purposes
    • Law No. 36 of 2012 with respect to Labour Law in the Private Sector, provides a right to privacy for employee data
    • Decree No. 16 of 2014 with respect to the Protection of Information and National Documents, covers the importance of information relating to national security
    • The Resolution No. 3 of 2015 with respect to Bulk Messaging protects recipients from unsolicited and solicited messages
    • Law No. 60 of 2014 with respect to Information Technology Crimes, mentions the penalties of unlawful taping, capturing or intercepting, by technical means, any non-public transmission of information devices data to, from or within an information technology system.


    • Burundi does not have a law that specifically regulates personal data protection.
    • Law no 1/012 of May 30, 2018 governs the Code of Health Care and Health Services Provision in Burundi, healthcare institutions
    • Law No. 1/17 of August 22, 2017 governs banking activities
    • Legislative Decree No. 100/153 of June 17, 2013 governs the Regulation of the Control and Taxation System for International Telephone Communications entering Burundi
    • Decree-Law No. 100/112 of April 5, 2012 governs the Reorganization and Operation of the Telecommunications Regulatory
    • Control Agency ‘ARCT’; Ministerial Ordinance No. 730/1056 of November 7, 2007 governs the interconnection of telecommunications networks and services opened to the public.






    • The Data Protection Act (the ‘Act’) was enacted in 2003 (not yet in force)

    UAE- Abu dhabi

    UAE- Dubai

    UAE- Dubai Health Care City Free Zone

    UAE- General

    *Disclaimer: This general information is provided for reference purpose only. It is informed that laws are subject to frequent updation and each jurisdiction may have additional civil laws and policies in place. Also link to laws provided for certain countries are of unofficial english translation therefore readers are advised to cross-check/ validate the information provided from official sources.