The Personal Data Protection Authority announced that His Excellency Sheikh Khalid bin Ali Al Khalifa, Minister of Justice, Islamic Affairs and Endowments, issued ten decisions in the framework of organizing the process of processing personal data in light of the application of the Personal Data Protection Law.

The decisions included specifying the requirements that must be met in the technical and organizational measures to protect personal data, the rules and procedures for processing sensitive personal data, the transfer of personal data outside the Kingdom of Bahrain, the conditions for creating personal data records accessible to the public, determining the registration fees in the data protection monitors registry and fees Renewal of registration and cases of exemption and refund.

It also included the procedures and rules for submitting complaints about violations of the provisions of this law, determining controls and guarantees for maintaining the confidentiality of data related to filing and initiating a criminal case and the judgments issued therein, and the rules and procedures for submitting notification to the Personal Data Protection Authority and requesting prior authorization for processing and deciding on it, in addition to the rights of the owner of personal data. , and on data protection monitors.

In accordance with the relevant decision, data managers may transfer personal data directly to the countries and territories included in the disclosure accompanying the decision without the need to obtain permission from the authority, and personal data may be transferred to other countries and territories with the permission of the personal data protection authority in each individual case.

It also allowed data managers to process sensitive personal data without the consent of its owner in the event that one of the cases set forth in Article (5) of the Personal Data Protection Law is available, provided that the processing is carried out within the permissible framework and within the scope of the data subject’s consent, or within the scope of the authorization issued by the authority. In no case may sensitive personal data be processed for a purpose other than the one for which the consent or authorization was granted, with the use of technical measures for processing with a high level of security that ensure a high degree of protection against breach of confidentiality and illegal processing.

The decisions clarified the procedures for registering the external data protection monitor in the data protection monitors register by submitting a request for this through the authority’s website, with the required supporting data and documents attached, which is for a natural person; Experience certificate, good conduct certificate, copy of ID card or passport, personal photo, address and contact details, educational qualifications and CV, and for a legal person; A copy of the commercial register and license, address and contact details.