MOTC Releases Guidelines on Personal Data Privacy Protection Law
Doha – Qatar
Marking the Data Privacy Day, Compliance and Data Protection Department at the Ministry of Transport and Communications has announced the release of the guidelines of the Personal Data Privacy Protection Law No. 13 of 2016 to help the target audience; individuals, regulated entities and stakeholders, understand their respective responsibilities, rights and practices as per the said law.
On this occasion, Acting Assistant Undersecretary of Cyber Security Affairs, MOTC, Mr. Othman Salem Al-Hamoud, said, “In the context of MOTC’s commitment to overseeing the implementation of the Personal Data Privacy Protection Law, we are pleased to announce the release of the guidelines of the Personal Data Privacy Protection Law No. 13 of 2016, which provide a set of guidelines, controls, assistive tools, checklists and templates for regulated entities addressed by the provisions of the law to support compliance to the law. They also include guidance for individuals to become more aware of their rights and responsibilities as per the law.”
He stressed the necessity for regulated entities to refer to these guidelines and reposition according to their individual role either as data processor or data controller, without prejudice to the provisions of the law and, thereby, avoiding liability.
Director of Compliance and Data Protection Dep., MOTC, Eng. Dana Al-Abdulla, called upon the regulated entities addressed by the provisions of the law to strike a balance between ensuring the protection of personal data privacy and their right to technological advancement and the use of techniques and data to achieve individuals’ rights.
She pointed out to the importance to take into consideration the fundamental personal data processing principles provided for by law: transparency, honesty, respect of human dignity, data minimization, accuracy, storage limitation, integrity and confidentiality, purpose limitation and accountability. She said that her department explained these principles and how to put them into practice, in the released guidelines released.
Eng. Al-Abdulla advised regulated entities to take into consideration the methods they control and/or process the personal data and be responsible for that. She also confirmed the importance of adopting a methodology based on risk analysis, as per privacy principles, and putting such principles in the heart of the approach of processing and controlling the personal data.
Personal data privacy is concerned with the use of individuals’ personal data in technological systems – a field that combines technology and respect of individual’s privacy within a regulatory, law framework that regulates the relation between the individual and the entity that collects and uses their data.
A data controller is a natural or legal person who, whether acting individually or jointly with others, determines how Personal Data may be processed and determines the purpose(s) of any such processing Personal Data Processing.
A data processor is a natural or legal person who processes Personal Data for the controller.
Personal Data Processing is when personal data is processed through one operation or more such as gathering, receipt, registration, organization, storage, preparation, modification, retrieval, usage, disclosure, publication, transfer, withholding, destruction, erasure and cancellation.
According to Article 8 of the Law, the “Controller shall abide by the controls related to designing, changing or developing products, systems and services pertinent to Personal Data Processing and shall take appropriate administrative, technical and financial precautions to protect Personal Data, in accordance with what is determined by the Competent Department”, and this has been explained by the Compliance and Data Protection Dept. in the guidelines.
Moreover, the department provided several assistive tools for the audience the law addresses to help them reposition in line with the provisions of the law. Such tools include but are not limited to “Record of Processing Activities” (RoPA), “Personal Data Management System” (PDMS) and “Data Protection Impact Assessment” (DPIA).
Eng. Al-Abdulla said that within the Compliance and Data Protection Dept.’s commitment to contacting those who are concerned with the law and raising awareness of the guidelines, the department will organize workshops and panel discussions for all sectors, Arabic and English awareness forums for individuals and publish awareness messages on MOTC’s social media accounts.
The guidelines are available at compliance.qcert.org. Compliance and Data Protection Dept. can be reached at firstname.lastname@example.org or 44069991 or via its websites.