The law provides a set of guidelines, controls, assistive tools, checklists and templates for regulated entities addressed by the provisions of the law to support compliance.

The Ministry of Transport and Communications (MoTC) has marked the Data Privacy Day, by announcing the release of the guidelines of the Personal Data Privacy Protection Law No. 13 of 2016.

The statement by MoTC’s Compliance and Data Protection Department mentioned that this is to help the target audience; individuals, regulated entities and stakeholders understand their respective responsibilities, rights and practices as per the law.

Acting assistant undersecretary of MoT’s Cyber Security Affairs Othman Salem al-Hamoud said, “The law provides a set of guidelines, controls, assistive tools, checklists and templates for regulated entities addressed by the provisions of the law to support compliance. 

They also include guidance for individuals to become more aware of their rights and responsibilities as per the law.” 

The senior MoTC official stressed that there was a  need for regulated entities to refer to these guidelines and reposition them, according to their individual role either as data processor or data controller, without prejudice to the provisions of the law and, thereby, avoiding liability.

Compliance and Data Protection Department director Dana al-Abdulla called upon the regulated entities addressed by the provisions of the law to strike a balance between ensuring the protection of personal data privacy and their right to technological advancement and the use of techniques and data to achieve individuals’ rights.

The importance of taking into consideration the fundamental personal data processing principles provided for by law: transparency, honesty, respect of human dignity, data minimization, accuracy, storage limitation, integrity and confidentiality, purpose limitation and accountability, al-Abdulla pointed out.

Al-Abdulla advised regulated entities to take into consideration the methods they control and/or process the personal data and be responsible for the same. She also confirmed the importance of adopting a methodology based on risk analysis, as per privacy principles, and putting such principles in the heart of the approach of processing and controlling the personal data.

Personal data privacy is concerned with the use of individuals’ personal data in technological systems – a field that combines technology and respect of individual’s privacy within a regulatory, law framework that regulates the relation between the individual and the entity that collects and uses their data.

A data controller is a natural or legal person who, whether acting individually or jointly with others, determines how personal data may be processed and determines the purpose(s) of personal data processing. A data processor is a natural or legal person who processes personal data for the controller.

Personal data processing is defined as gathering, receipt, registration, organisation, storage, preparation, modification, retrieval, usage,     disclosure,     publication,     transfer,     withholding, destruction, erasure and cancellation of data.

According to Article 8 of the Law, the ‘controller shall abide by the controls related to designing, changing or developing products, systems and services pertinent to Personal Data Processing and shall take appropriate administrative, technical and financial precautions to protect Personal Data, in accordance with what is determined by the Competent Department’. 

This has been explained by the Compliance and Data Protection Department in the guidelines.

The department provided several assistive tools for the audience the law addresses to help them reposition in line with the provisions of the law. Such tools include but are not limited to ‘Record of Processing Activities” (RoPA), “Personal Data Management System’ (PDMS) and ‘Data Protection Impact Assessment’ (DPIA).

Al-Abdulla added that the Compliance and Data Protection Department will organise workshops and panel discussions for all sectors, Arabic and English awareness forums for individuals and publish awareness messages on MoTC’s social media accounts.

For further details,  the Compliance and Data Protection Dept. can be reached at cdp-privacy@motc.gov.qa or 44069991 or via its websites.