Financial Crime World

Jordan’s Data Protection Breaching Party Subject to Sanctions

Amman, Jordan - The Jordanian government has introduced a new data protection law that imposes severe sanctions on parties found breaching the regulations.

Penalties for Violations

According to Article 21 of the Law, violators will face penalties ranging from daily fines to suspension or withdrawal of licenses and permits. These penalties aim to ensure compliance with the law and protect individuals’ personal data.

Definition of Personal Data Breach

The law defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal information.” In the event of such a breach, data controllers are required to:

  • Notify affected individuals within 24 hours
  • Provide them with necessary procedures to mitigate potential harm

Reporting Obligations

Data controllers must inform the Personal Information Unit (PIU) within 72 hours of discovering the breach about its source, mechanism, and any other relevant information. If the breach is caused by serious fault or infringement, the controller must compensate affected individuals.

Regulatory Body: Personal Information Unit (PIU)

The PIU has been established as a regulatory body responsible for overseeing compliance with the data protection law. The council will issue licenses and permits to entities processing personal data and monitor their adherence to technical and administrative procedures.

Consequences of Non-Compliance

In addition to financial penalties, violators may face:

  • Suspension or withdrawal of licenses and permits
  • Criminal prosecution
  • Courts may order destruction or erasure of personal information in cases where a conviction decision is issued

Implementation Timeline

The law requires all entities handling personal data to adjust their practices in accordance with the regulations within one year from its effective date, even if they were already processing such data prior to the law’s enactment.

Key Takeaways

  • Parties found breaching Jordan’s data protection regulations face severe sanctions.
  • Data controllers must notify affected individuals and provide necessary procedures to mitigate potential harm in case of a breach.
  • The Personal Information Unit has been established as a regulatory body responsible for overseeing compliance with the data protection law.
  • Entities handling personal data must adjust their practices in accordance with the regulations within one year from its effective date.

Contact Us

For more information on how this law affects your business, please contact Mariana Abudayah, Legal Associate at Nsair & Partners - Lawyers, Amman.