Doha: Director of National Cyber Governance and Assurance Affairs and Head of the National Data Privacy Office at the National Cyber Security Agency (NCSA), Dana Youssef Al Abdullah, emphasized the significance of Data Privacy Day, observed annually on January 28. The day aims to highlight the importance of safeguarding personal data for all digital space users. She noted that the event seeks to raise awareness about preserving personal data privacy in technological interactions and ensuring compliance with privacy principles and data security.

According to Qatar News Agency, Eng. Al Abdullah explained that many countries utilize this occasion to promote the culture of personal data privacy, educating individuals about their rights and institutions about their obligations. She added that the NCSA, represented by the National Data Privacy Office, celebrates this day annually and plans to host several activities this year. These include a special event on personal data privacy, panel discussions on challenges in the field, and specialized workshops.

Al Abdullah pointed out that these workshops will bring together experts from various sectors to address data privacy challenges and collaborate on joint initiatives. Notable sector-specific sessions will target the financial sector, law firms, privacy consultants, and the healthcare industry. Al Abdullah also highlighted the agency’s partnership with the Qatar Media Corporation and other institutions to disseminate tips on best practices for personal data protection. These efforts will be promoted through the agency’s social media platforms.

She stressed the importance of cooperation among state institutions and regulatory bodies to ensure compliance with Qatar’s Personal Data Privacy Protection Law, underlining the importance of enhancing the culture of data privacy and educating the public about their rights and responsibilities under the law. These efforts are crucial for building trust and fostering digital confidence within Qatari society. Al Abdullah detailed the key provisions of Qatar’s Personal Data Privacy Protection Law, Law No. 13 of 2016, which addresses the growing risks to personal data in the digital sphere, especially as institutions and companies increasingly rely on such data for services.

The law outlines obligations for data controllers and processors, mandating that personal data be processed transparently and ethically, respecting human dignity and accepted practices. She explained that the law also establishes individuals’ rights regarding personal data protection, including guidelines for processing sensitive data, electronic communications for direct marketing, and children’s data. It specifies exemptions and penalties, with financial fines for violations reaching up to QR 5 million.

Al Abdullah underscored that the law is instrumental in bolstering digital trust. Compliance with its provisions by companies and institutions, along with administrative, technical, and financial measures to safeguard personal data, fosters confidence in the state’s digital ecosystem. She described the law as an extension of Qatar’s constitution, which guarantees human privacy, including in the digital realm, aligning with Qatar National Vision 2030.

Al Abdullah underlined the significant role of the NCSA in implementing and supervising Qatar’s Personal Data Privacy Protection Law. She explained that the agency established the National Data Privacy Office as a specialized entity to oversee compliance with the law. This office is tasked with issuing and updating policies, guidelines, and tools to ensure adherence to the law, as well as organizing training programs and workshops for entities covered by its provisions. Moreover, the agency works on proposing legislative tools to strengthen the enforcement of the law.

She noted that the National Office has developed several tools to assist stakeholders in complying with the law and assessing their level of compliance. These tools, alongside additional resources, are accessible on the agency’s website at assurance.ncsa.gov.qa. In addition, Al Abdullah highlighted that the National Data Privacy Office maintains daily communication with entities subject to the law, providing consultations and monitoring relevant services. Last year, the office issued several reasoned decisions as part of its efforts to enforce the law effectively.

Director of National Cyber Governance and Assurance Affairs and Head of the National Data Privacy Office at the NCSA, Dana Youssef Al Abdullah, highlighted the agency’s commitment to fostering international cooperation in data privacy. She noted that the agency actively seeks membership in global organizations such as the International Association of Privacy Professionals and the Global Privacy Enforcement Network. She added that the agency represents the State of Qatar at regional and international forums and collaborates with counterpart institutions worldwide.

Regarding the impact of the law on Qatar’s global rankings in data protection and safe digital environments, Al Abdullah explained that the enactment of this legislation reflects the country’s dedication to safeguarding individual rights in the digital sphere. She pointed out that Qatar, being the third Arab country and the first Gulf nation to issue a personal data privacy law, underscores its commitment to raising digital awareness among individuals to enable them to leverage technological advancements safely and responsibly.

She further elaborated that the law, along with other telecommunications and IT regulations and national strategies in the digital domain, has contributed to creating a balanced digital environment that ensures individuals’ freedom to access data while guaranteeing fair processing practices. This balance has significantly improved Qatar’s ranking in global indicators, enhanced trust in the country’s digital economy, and positively influenced investment attraction and the expansion of innovative digital initiatives.

Al Abdullah emphasized the benefits of the law for institutions, explaining that it sets out clear frameworks and general principles for managing personal data. The law outlines the technical, administrative, and financial precautions that institutions must adhere to when collecting and processing data. By clearly defining compliance parameters, the law simplifies institutions’ understanding of data processing requirements and data privacy protection, allowing them to build competitive advantages by fostering trust with consumers and clients.

She also pointed out that the guidelines issued by the National Data Privacy Office play a crucial role in helping institutions implement effective data privacy management systems at the organizational level to meet regulatory requirements. Discussing the positive effects of the law on individuals and society, Al Abdullah stated that the Personal Data Privacy Protection Law includes numerous provisions that empower individuals to safeguard their data from unauthorized access or misuse. These provisions ensure that individuals can understand how their data is collected, processed, the purposes behind its collection and processing, the entities with whom their data is shared, and the duration for which it is stored. This level of transparency and fairness reinforces trust and strengthens the principles of integrity in data processing.

She elaborated that the law grants individuals several rights, such as the right to data protection and lawful processing, the right to withdraw consent for data processing, the right to request data deletion, the right to object to data processing, the right to request corrections to personal data, the right to be notified about data processing activities, the right to be informed of any inaccurate data disclosures, and the right to access their personal data.

Al Abdullah further explained that one of the most significant features of the law is its emphasis on guiding entities governed by its provisions to assess potential risks to individuals and make appropriate decisions on how to process and protect personal data. For example, the law requires data controllers to notify individuals in the event of any data breach and inform the relevant regulatory authority. This allows individuals to take necessary actions to protect themselves from potential risks such as fraud or identity theft. The law also authorizes regulatory authorities to evaluate the measures implemented by institutions to safeguard personal data and reduce the risks associated with data breaches.

Concluding her interview with QNA, Al Abdullah described the law as comprehensive and forward-looking, addressing the evolving landscape of the digital world and emerging technologies, including artificial intelligence. She stated that the law fosters trust within the community, assuring individuals that organizations handling personal data are subject to regulatory requirements. Furthermore, it allows individuals to file complaints with the relevant authority in cases of violations of the law’s provisions.