Law No.13 of 2016 Qatar

• November 3, 2016 – Law enacted and issued.
• February 3, 2017 – Published in the Official Gazette.
• August 3, 2017 – Deadline for organizations to comply (6-month transition period).

• Companies processing personal data in Qatar.
• Foreign businesses handling Qatari user data.
• Public and private sector organizations collecting personal data.
• Website operators gathering data from Qatari residents.

• Personal data processed for national security and law enforcement.
• Personal or household data use.
• Data processing for statistical and research purposes.

• Obtain clear and informed consent before data processing.
• Implement appropriate security measures to protect data.
• Notify individuals of data collection purposes.
• Allow individuals to access, correct, and delete their data.
• Appoint a Data Protection Officer (DPO) when required.

Report data breaches to the National Cyber Security Agency (NCSA).

• Display a clear and accessible privacy policy.
• Obtain consent for cookies and tracking technologies.
• Provide users with control over their data preferences.
• Implement security measures to safeguard user data.

• Parental consent is required for processing children's data.
• Restrictions on cross-border data transfers.
• Explicit consent required for processing sensitive data.

• Right to access personal data.
• Right to rectification and erasure (Right to be Forgotten).
• Right to restrict or object to processing.
• Right to data portability.
• Right to challenge automated decision-making and profiling.

• Supervised by the National Cyber Security Agency (NCSA).
• Fines: Up to 1,000,000 Qatari Riyals (~$275,000 USD) for violations.
• Serious violations may result in fines of up to 5,000,000 Qatari Riyals (~$1.37 million USD).
• Additional penalties include restrictions on data processing activities.