Financial Crime World

Jordan’s Data Protection Law: A New Era of Transparency and Accountability

Amman, Jordan - The Kingdom of Jordan is set to introduce a groundbreaking data protection law that will revolutionize the way personal information is handled in the country. The Personal Data Protection Law (PDPL) is designed to ensure that individuals have control over their personal data and that it is protected from unauthorized access, use, or disclosure.

Data Subject Rights

The PDPL grants individuals a range of rights, including:

  • The right to access and obtain their personal data
  • The right to rectify or update their personal data
  • The right to erase their personal data
  • The right to object to processing
  • The right to withdraw consent
  • The right to transfer their data to another controller
  • The right to be informed of any breach or infringement of their personal data

Data Transfers

The PDPL imposes restrictions on the transfer of personal data outside Jordan unless the recipient provides an adequate level of protection. However, there are exceptions for:

  • Regional or international judicial cooperation
  • Medical treatment
  • Public health emergencies

Data Protection Officer

Controllers that process large amounts of personal data must appoint a Data Protection Officer (DPO) to ensure compliance with the law. The DPO will be responsible for:

  • Implementing controls
  • Conducting periodic reviews
  • Managing complaints
  • Organizing training for employees

Breach Notification

In the event of a data security breach, controllers must notify affected individuals within 24 hours and provide information on measures to mitigate any consequences. They must also inform the Personal Data Protection Unit (Unit) within 72 hours.

Penalties for Non-Compliance

The PDPL establishes penalties for non-compliance, including:

  • Suspension or cancellation of licenses
  • Fines
  • Destruction of data

Enforcement

The Unit, responsible for monitoring compliance, will work alongside a Personal Data Protection Board to ensure that the law is enforced. The Board will have the power to:

  • Approve policies
  • Issue licenses
  • Consider complaints

Effective Date

The PDPL will take effect on March 17, 2024, with a one-year grace period for parties handling personal data prior to this date. Further regulations are expected to be issued to clarify aspects of its implementation.

Impact

The PDPL is set to have a significant impact on businesses operating in Jordan, requiring them to:

  • Assess their activities and make changes to align with the new law
  • Ensure that personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed

In conclusion, the PDPL marks a significant milestone in Jordan’s commitment to protecting personal data. By ensuring transparency, accountability, and individual rights, the law will contribute to building trust between individuals and organizations in the country.