Middle East


Below, you can find the IAPP’s collection of coverage, analysis and resources related to the privacy industry in the Middle East region.

Featured Resources

Amendments in Turkish data protection law

The KVKK seeks to amend Articles 6 and 9 of the LPDP on the processing special category of personal data and cross-border data transfers. The proposal has yet to be shared with the National Assembly, but is expected to be approved and take force sometime in 2022.
Read More

10 steps to prepare for the UAE’s Data Protection Law

Change is coming for the organizations in the United Arab Emirates after passage of the 2021 Personal Data Protection Law in November. This article provides a rundown of the top-10 considerations for organizations to comply with the new regulation.
Read More

Middle East: Stalling on compliance is not an option

As Middle Eastern countries ramp up their regulatory oversight and rigor over data protection, companies in the region are seeking guidance on how to evaluate their risk, implement data privacy frameworks and uphold compliance. Given a multitude of complexities, it is very difficult for organizations to stay abreast of all the requirements.
Read More

Latest News and Resources

'Data transfer theater:' The US and Israel take the stage

This week, U.S. President Joe Biden is expected to sign an executive order cementing the legal basis for the Trans-Atlantic Data Privacy Framework, aka “Privacy Shield 2.0.” The executive order will likely create a redress mechanism, which will allow European individuals to challenge — or at least gain a modicum of insight into — surveillance practices by U.S. national security agencies. On a smaller scale but in the same vein, the government of Israel issued a draft decision Monday, announcing... Read More

Israel tightens marketing rules with a do not call registry

A do not call registry in Israel starts operating early 2023 and joins an already stringent set of consumer privacy protection under Israeli laws. Marketers who call numbers listed in the registry will face significant fines and class actions. Israel joins more than 30 other countries with government-operated opt-out lists for marketing calls. Opt out of marketing calls In December 2020, the Consumer Protection and Fair Trade Authority imposed an NIS 8.3 million (about US$2.5 million) fine on ... Read More

How to prepare for Saudi Arabia’s Personal Data Protection Law

In September 2021, the Kingdom of Saudi Arabia issued its Personal Data Protection Law to regulate the processing of personal data. The PDPL is the first federal, sector-agnostic data privacy legislation in Saudi Arabia. Organizations will be faced with significant changes to their operations to ensure compliance. The PDPL comes into effect only 180 days after the publication in the Official Gazette, meaning the law will be effective March 23, subject to the passage of the implementing regulati... Read More

DPOs in Israel — An analysis of a regulatory maze

Do Israeli privacy laws mandate the appointment of a data protection officer? The simple answer is that currently, it is not entirely clear. Israel faces significant changes to its privacy laws and the duty to appoint a DPO may either become part of the law or remain a regulatory recommendation only. On Jan. 25, the Protection of Privacy Authority released guidelines on the appointment of data protection officers, their roles and responsibilities. The guidelines set forth recommendations and re... Read More

Regional Resources

Click below to navigate to resources by region.

Afghanistan, Bahrain, Egypt, IranIsrael, Jordan, Oman, Pakistan, Palestine, Saudi Arabia, Turkey

View More Resources

View More Resources