Cullen International has published new research covering the status of personal data protection legislation in 13 Middle Eastern and North African countries (MENA).

The new benchmark shows the status of personal data protection laws in MENA, including whether an independent data protection authority has been established to enforce the law.

Our research shows that eight of the studied MENA countries have national legislation to protect personal data. Four countries (Tunisia, Morocco, Qatar and Turkey) enacted laws before the general data protection regulation (GDPR) of Europe came into force in May 2018. Bahrain, Algeria, and Lebanon enacted their national data protection laws in 2018 and Egypt in 2020.

The research also reviews how personal data has to be managed, including:

• whether prior approval or declaration is required from the governing authority for data collection or processing?
• If prior authorisation is required to transfer personal data outside the country, and if there are other restrictions on transferring data to other countries?

In addition, the benchmark shows whether there is an obligation to designate a data protection officer and what are the data breach notification requirements.

Cullen International’s research also covers the rights of data subjects, in particular whether they have the right to:

• object to the processing of their personal data or withdraw earlier given consent;
• receive a copy of the personal data held, and whether there is a fee to access this data;
• be compensated for any unlawful processing of personal data; and
• port their personal data from one controller to another.

For more information and to access the full benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our MENA Telecoms Service.