The deadline is looming for the introduction of Bahrain’s new game-changing Personal Data Protection Law (PDPL) impacting companies in the Kingdom and others engaging with customers there.
The PDPL comes into force on August 1 this year. It will be overseen by the new Personal Data Protection Authority (PDPA) which can impose hefty fines and penalties for non-compliance or data breaches.
What it means for you
The PDPL gives individuals rights as to how their personal data can be collected, processed and stored. It imposes obligations on businesses to manage and process customers’ personal data fairly and securely and that they are notified of when their personal data is collected and processed.
This all means Bahrain business owners and companies dealing with customers in the Kingdom must now seriously consider the risks associated with data breaches. Just as with the GDPR in Europe, PDPL incorporates criminal penalties and heads of companies could face jail in case of a breach.
The PDPA can issue orders to stop violations, including issuing emergency orders and fines while the law carries criminal penalties for businesses violating certain provisions. Civil compensation is also allowed for individuals who incur damage arising from the processing of their personal data by the data manager or PDPL violations by a business's data protection supervisor.
PDPL costs & more
While the resulting non-compliance and/or a data breach fines alone could be financially punishing, the after-math costs of any cyber security attack could be crippling. Remember, a recent Ponemon Institute study puts Middle East spend on post-breach response at US $1.43 million – and that’s without the hidden costs of productivity disruption, and reputational damage. A serious internal study of a company’s risks is now an essential preventative requirement.
Remember, PDPL isn't optional. Ensure compliance and stay safe today.