Personal Data Protection Law (Royal Decree 6/2022)
Oman
2022
Privacy
Overview
Key Obligations
- Obtain explicit consent before collecting or processing personal data
- Process data for specific, lawful, and declared purposes
- Protect sensitive data and restrict its processing without legal justification
- Restrict cross-border data transfers unless the recipient jurisdiction provides adequate protection
- Grant individuals rights to access, correct, erase, and object to data processing
- Implement appropriate technical and organizational security measures
- Comply with future obligations once executive regulations are issued
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
Identity Verification
Use facial match and liveness checks paired with government ID verification to validate users while onboarding.
One Touch KYC
Launch global KYC flows with built-in document OCR, liveness checks, deepfake detection, and AML, all through a single, customizable dashboard.
MENA API Marketplace
A comprehensive API marketplace for the Middle East and North Africa, offering localized verification and compliance solutions.
Related Regulations
FAQ
Who supervises data protection in Oman?
The Ministry of Transport, Communications and Information Technology (MTCIT) is the designated authority.
Has the law been fully enforced yet?
Not yet. Full enforcement is pending issuance of the executive regulations.
Are data transfers outside Oman allowed?
Yes, but only to jurisdictions with adequate data protection or with prior approval.
What types of entities must comply with this law?
Any organization, public or private, that processes personal data of individuals in Oman.