QFC Data Protection Regulations
Qatar
2021
Privacy
Overview
Key Obligations
- Process personal data lawfully, fairly, and for specific purposes
- Obtain explicit consent where required and inform individuals of their rights
- Grant rights to access, correct, erase, object, and port personal data
- Conduct data protection impact assessments for high-risk processing activities
- Notify the QFC Data Protection Office of any data breaches without undue delay
- Limit cross-border transfers to approved jurisdictions or use safeguards like standard clauses
- Maintain detailed records of processing activities and cooperate with audits
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
Identity Verification
Use facial match and liveness checks paired with government ID verification to validate users while onboarding.
One Touch KYC
Launch global KYC flows with built-in document OCR, liveness checks, deepfake detection, and AML, all through a single, customizable dashboard.
MENA API Marketplace
A comprehensive API marketplace for the Middle East and North Africa, offering localized verification and compliance solutions.
Related Regulations
FAQ
Who supervises data protection under the QFC regulations?
The QFC Data Protection Office is responsible for oversight and enforcement.
What makes these regulations different from national laws in Qatar?
They apply only within the QFC jurisdiction and are modeled closely on the GDPR, with more prescriptive obligations.
Are breach notifications mandatory?
Yes. Data controllers must report breaches to the QFC Data Protection Office as soon as possible.
Do individuals have data portability rights under this law?
Yes. The regulations include a right to data portability in addition to access, correction, and erasure.