The countries of Saudi Arabia, Kuwait, the UAE, Qatar, Bahrain, and Oman form the consortium of middle east countries.

Oman has no regulation for the protection of personal data, other regions have different regulations for the protection of data.

Saudi Arabia

While the kingdom of Saudi Arabia has no dedicated law for privacy regulation, the principles for protection are covered under various other regulations, such as Anti-Cyber Crime Law, Cloud Computing Regulatory Framework and Telecommunications Law and Regulations.


Kuwait does not have any dedicated personal data protection law. The Law No 20 of 2014 (the E-Commerce law) specifies the retention of confidential client data such as their health records and financial information.

United Arab Emirates (UAE)

The UAE has various law for the protection of personal data for different sectors along with dedicated laws for privacy.

Abu Dhabi- The Data Protection Regulation 2021 apply to the Processing of Personal Data in the by any establishment of a Controller or a Processor in the region, even if such processing does not take place in Abu Dhabi.

Dubai- The Data Protection Regulations along with the Data Protection Law of 2020, applies to the Processing of Personal Data by a Controller or Processor incorporated in the DIFC, regardless of whether the Processing takes place in the region.


Qatar has implemented Law No. (13) of 2016 Concerning Personal Data Protection (“the Data Protection Law”). The provisions of this Act apply to personal data when processed electronically, obtained, collected or extracted in preparation for electronic processing, or processed by combining electronic and traditional processing.

The business center of Qatar, ‘The Qatar Financial Centre (“QFC”)’ has its own regulations that are separate and distinct from those of the State of Qatar, the QFC Regulation No. 6 of 2005 on QFC Data Protection Regulations (“DPL”).


Bahrain enacted Law No. 30 of 2018 with respect to Personal Data Protection (“PDPL”). The law applies to any person who is habitually resident in the Kingdom or maintains a place of business in the Kingdom or to any person not habitually resident nor maintains a place of business in the Kingdom, but processes data by using means situated in the Kingdom, unless such means are used only for purposes of transit of data over the Kingdom’s territory.

The regulations of different regions in the Middle east require a different set of compliances by businesses operating in the region. For any assistance in the compliance of data protection laws of the Middle Eastern Countries, please reach to us.

Get in touch with us