Cullen International has published new research covering the status of personal data protection legislation in 13 Middle Eastern and North African countries (MENA).
The new benchmark shows the status of personal data protection laws in MENA, including whether an independent data protection authority has been established to enforce the law.
Our research shows that eight of the studied MENA countries have national legislation to protect personal data. Four countries (Tunisia, Morocco, Qatar and Turkey) enacted laws before the general data protection regulation (GDPR) of Europe came into force in May 2018. Bahrain, Algeria, and Lebanon enacted their national data protection laws in 2018 and Egypt in 2020.
The research also reviews how personal data has to be managed, including:
- whether prior approval or declaration is required from the governing authority for data collection or processing?
- If prior authorisation is required to transfer personal data outside the country, and if there are other restrictions on transferring data to other countries?
In addition, the benchmark shows whether there is an obligation to designate a data protection officer and what are the data breach notification requirements.
Cullen International’s research also covers the rights of data subjects, in particular whether they have the right to:
- object to the processing of their personal data or withdraw earlier given consent;
- receive a copy of the personal data held, and whether there is a fee to access this data;
- be compensated for any unlawful processing of personal data; and
- port their personal data from one controller to another.
For more information and to access the full benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our MENA Telecoms Service.
more news
30 September 24
More than half of universal service providers studied by Cullen International are tasked with public service missions beyond the universal service
According to Cullen International’s latest research, postal universal service operators in 12 out of 21 studied countries have been entrusted with public service missions beyond the provision of the universal service.
26 September 24
Who will enforce the EU rules on data, AI and cybersecurity at national level across Europe?
EU member states are appointing different types of authorities to implement new EU digital rules. While they are making progress on the implementation of the Data Governance Act and the transposition of the NIS2 Directive, efforts on the Data Act and the AI Act are still in their early stages.
20 September 24
EU Timeline: regulatory milestones until the end of 2024
This edition of Cullen International’s EU Timeline highlights key regulatory developments foreseen at EU level until the end of 2024.