Oman’s Personal Data Protection Law will come into effect from February 2023 onwards. Royal Decree 6/22 Promulgating the Personal Data Protection Law (PDPL) was issued on the 9th of February 2022 and was published in the Official Gazette on 13th February 2022. It is announced that the law will be applicable a year after its publication. As per the law, the Ministry of Transport, Communications and Information Technology, Oman (“MTCIT”) shall issue the executive regulations in relation to PDPL, as well as the decisions necessary to enforce its provisions. The Oman PDPL on the similar lines of global privacy laws specifies strict requirements around how companies manage and protect personal data of individuals while respecting their choice; irrespective of where data is sent, processed or stored. The Law introduces data protection principles such as transparency, honesty, and respect for human dignity, data subject rights, as well as obligations on controllers and processors, which bring the country’s legislative regime into closer alignment with global data protection laws. The law shall apply to all organizations operating in Oman and any organizations not based in Oman but processing and collecting data on Omani residents and citizens. The Law includes 32 articles inclusive of data security specifications, data protection officer (‘DPO’) appointment, data subject access rights, controller & processor obligations, and penalties for breach of the same.
Data Subject (“Data Owners”) Rights as per PDP Law are:
Note: There are also relevant privacy provisions in various other pieces of legislation. The Royal Decree No. 101/96 Promulgating the Basic Statute of the State (‘the Basic Statute’), for instance, grants certain privacy rights in relation to communications. The Electronic Transactions Law likewise sets a basis for the confidentiality of information, and particularly stresses the importance of encryption practices. There is also a general cybercrime law, Royal Decree No.12/2011 issuing the Cyber Crime Law (‘the Cybercrime Law’), which regulates unlawful practices in cyberspace.