Startup MGZN

Bahrain’s new Personal Data Protection Law is here and is about to change a lot of things, here’s the gist

The Bahrain Parliament just passed a new Personal Data Protection Law on 27th of May 2018 which governs the usage and free movement of personal data. Providing the GCC’s first nationwide standalone regulatory framework for data protection, this law falls in line with Bahrain’s move towards becoming a digital economy. This also comes as part of the Kingdom’s commitment towards having a friendly and regulatory environment where startups and businesses can thrive.

But what’s really the big deal with this new law? How’s it going to affect Bahrain, or impact your startup?

Here’s everything you need to know:

What are the key outcomes of the Personal Data Protection Law?

  1. Data protection is one of the fundamental steps towards having a Digital Economy
  2. It will encourage a greater exchange of digital information
  3. Individuals and businesses will have the opportunity to increase growth and trade through making use of data flows
  4. On a larger scale, economic growth, job creation and increased collaboration can result from accessing new markets and opportunities through cross-border data flows

But why is it so important to Bahrain?

The introduction of this law is going to be incredibly beneficial to the Kingdom. The law will enable us to:

  1. Move forward in our plans to become a Data-driven economy
  2. Create opportunities for Cloud Computing, a key sector with the potential to create jobs as seen through the announcement of an Amazon Web Services (AWS) Region in Bahrain
  3. Facilitate secure and effective data processing for commercial use
  4. Promotes effective data flows and cross-border data transfer
  5. Ensure data confidentiality, availability, and integrity
  6. Increase transparency in data processing and management

How is this relevant to Bahrain’s overall value proposition?

Bahrain has some recent policies and regulatory initiatives that are aligned with the purpose of the Personal Data Protection Law. This includes financial institutions hosting their data in the cloud.

In addition, according to ITU’s 2017 Information Society report, Bahrain’s digital economy has received some international recognition as:

  1. The highest in ICT Development in the MENA region
  2. 31st globally amongst 188 countries in ICT Development
  3. Most dynamic in improving ICT Access

The report also demonstrated Bahrain’s high broadband penetration, with 98% of the population being Internet users and 98% of households having Internet.

The Personal Data Protection Law comes as a natural next step for Bahrain, who is regarded as a regional leader in ICT.

How will startups benefit from it?

With the new law, startups will have a number of advantages. Some of these advantages include:

  1. Operating within a regulatory framework that allows them to be transparent with their stakeholders on how they collect and process data- allowing them to build trust with their customers.
  2. Have a competitive advantage over their regional neighbors by being able to process and transmit data securely, while limiting the risk of breaches and reputational damage.
  3. Be more attractive to customers and potential investors by following the global best practice in data protection.

Here are some of the key features of Bahrain’s Data Protection Law:

The law provides an adequate level of protection for the use of personal data and covers a lot of aspects of the EU ‘General Data Protection Regulation’ (GDPR). The law ensures personal data is:

  1. Fairly and lawfully processed
  2. Adequate, relevant and not excessive.
  3. Not transferred to other countries without adequate protection
  4. Not kept for longer than is necessary
  5. Secure
  6. Accurate and up to date
  7. Processed in line with the data subjects’ rights
  8. Processed for limited purposes

Do you also want to know something really cool? Currently, in the GCC there is no nationwide standalone comprehensive and robust regulatory framework to regulate data protection. This makes Bahrain the 1st to establish a national data protection authority in the GCC which will oversee the privacy of personal data.

The national authority board will be comprised of public and private sector representation. The members include representatives from the University of Bahrain, Telecommunications Regulatory Authority, Central Bank of Bahrain, Ministry of Industry, Commerce, and Tourism, while having private sector representation from the Financial Services and ICT sectors. Until the board is appointed and the authority is formed, the tasks of the authority will be assigned to an existing entity by a virtue of decree.

This new law is surely going to drive Bahrain’s economy and transform it into a digital one. It’s a huge benefit to not only the public and private sectors, but to also individuals as it ensures confidentiality, availability and the integrity of data.

Have any other thoughts and opinions on Bahrain’s Data Protection Law? Feel free to share your thoughts and voice them out on our Twitter, Instagram, Facebook, and LinkedIn.

Bayan Al-A'abed