Law: Data Protection Regulations (access available here) ('the 2021 Regulations'), the Data Protection Rules (access available here) ('the 2021 Rules'), the QFC Data Protection Regulations 2005 (access available here) ('the Regulations'), and the Data Protection Rules 2005 (access available here) ('the Rules')

Regulator: Data Protection Office (not yet operational) and the Qatar Financial Centre Authority ('QFC Regulatory Authority') for the purposes of the 2005 Rules and Regulations

Summary: The Qatar Financial Centre ('QFC') is a global business and financial centre with an independent legal and regulatory infrastructure. It was established by the Qatar Financial Centre Law (Law No. (7) of 2005) ('the QFC Law'), which also provided the QFC Authority with the power to produce the Rules and Regulations. 

In light of global developments in data protection, and 16 years after the introduction of the 2005 Rules and the 2005 Regulations, the QFC Regulatory Authority proposed various changes to each of the same. Following a public consultation on the proposed changes which ended in September 2021, the 2021 Regulations and the 2021 Rules were issued on 21 December 2021. The 2021 Regulations present significant changes to the law, including the establishment of a new Data Protection Office and the Data Protection Commissioner, additional data subject rights, including the right to data portability and the right not to be subject to automated decision-making, a requirement to implement appropriate technical and organisational measures on controllers, and a requirement to conduct Data Protection Impact Assessments ('DPIAs') in certain circumstances. The 2021 Rules add to controllers' transparency obligations towards data subjects and correspond and supplement some of the changes introduced in the Regulations.

The 2021 Regulations and 2021 Rules will repeal the 2005 Rule and the 2005 Regulations on the date of commencement which will be 180 days after the date of signature.