In a significant move towards enhancing data protection compliance, Oman has introduced new regulations that promise to make it easier for businesses operating in the country to navigate and align with the region’s legal framework.

This post provides an analysis of Oman’s new data protection regulations. Key aspects covered include the requirement for permits to process sensitive data, the obligation to appoint Data Protection Officers and external auditors, and the detailed protocols for data subject rights and data breach notifications. The post also discusses the consequences of non-compliance, including potential fines.

Introducing the new data protection regulations

The Ministerial Decision No. (34) of 2024, effective from 5 February 2024, marks a pivotal moment in Oman’s approach to data protection. It supplements the existing Oman Sultani Decree No. 6/2022, providing detailed guidance on several aspects of data protection and bringing Oman’s regulations closer to international best practices.

Key features of the new regulations

  • Permit requirement for sensitive data: Businesses must now obtain specific permits for processing sensitive categories of personal data, a move that distinguishes Oman’s framework from many international practices.
  • Appointment of DPO and external auditor: A notable requirement is the mandatory appointment of a Data Protection Officer and an external auditor for all entities, ensuring a higher level of oversight and compliance.
  • Rights of data subjects: The regulations extend the protocols for addressing the rights of data subjects, including detailed procedures for handling requests and complaints.
  • Data breach notification protocols: A 72-hour notification requirement for data breaches introduces a stringent timeline for businesses to follow, enhancing the protection of data subjects’ rights.
  • Cross-border data transfer regulations: The new framework outlines specific conditions for the cross-border transfer of personal data, emphasising the need for explicit consent and adequate protection measures.

Compliance timeline and recommendations

Businesses are given until 5 February 2025 to adjust their data processing practices per the new regulations.

This timeline offers a window for companies to review and enhance their data protection policies, ensuring full compliance with Oman’s legal requirements.

Consequences of non-compliance

The regulations underscore the importance of adherence by setting forth clear consequences for breaches.

Businesses that fail to comply with the provisions may face administrative penalties, including warnings, suspension or cancellation of permits, and fines of up to 2,000 Omani rials (approximately US$5,200). These measures are in addition to the penalties outlined in the Oman PDPL, which can reach up to 500,000 Omani rials (US$1.3m) for more severe breaches.

This dual structure of penalties emphasises the seriousness with which Oman regards the protection of personal data, incentivising businesses to prioritise compliance to avoid significant financial and reputational damage.
