Financial Crime World

Personal Data Protection Law in Jordan: What You Need to Know

Jordan’s Personal Data Protection Law (PDPL) has introduced a series of stringent measures to safeguard the privacy rights of individuals. At its core is the principle that personal data must be adequate, relevant, and limited in relation to the purposes for which it is processed.

Rights of Individuals

Under the law, individuals will have a range of rights, including:

  • The right to access their personal data
  • The right to rectify (correct) their personal data
  • The right to erase their personal data

Controller Requirements

Controllers are required to obtain explicit consent from data subjects before processing their information. They must also:

  • Appoint a Data Protection Officer (DPO) if they engage in processing personal data or sensitive information
  • Ensure the DPO implements appropriate controls, evaluates and periodically reviews data systems, and manages complaints from data subjects

Breach Notification

In the event of a data security breach, controllers must:

  • Notify affected individuals within 24 hours
  • Provide them with information on necessary measures to avoid consequences
  • Inform the Personal Data Protection Unit (Unit) within 72 hours of discovering the breach

Penalties for Non-Compliance

The PDPL establishes penalties for non-compliance, including:

  • Suspension or cancellation of licenses
  • Daily fines
  • Destruction of data in cases where a conviction has been issued

Enforcement Mechanisms

The Unit will be responsible for monitoring compliance with the law and preparing draft legislation. A Personal Data Protection Board, presided over by the Minister, will also play a crucial role in enforcing the law and issuing guidelines on data protection standards and measures.

What’s Next?

The PDPL is set to take effect from March 17, 2024, with parties handling personal data prior to this date having a one-year period to adjust their position to comply with the new requirements. Further regulations are expected to be issued under the law to clarify aspects of its implementation.

Businesses Must Act Now

All businesses operating in Jordan will need to assess their activities and make changes to align with the incoming PDPL as quickly as possible. Failure to comply may result in penalties, including suspension or cancellation of licenses, daily fines, and even destruction of data.