Personal Data Protection Law No. 24
Jordan
2023
AML/CFT
Overview
Key Obligations
- Obtain explicit consent from individuals before collecting or processing their data
- Limit data use to clearly defined and lawful purposes
- Provide individuals with rights to access, correct, erase, or restrict their data
- Restrict cross-border data transfers to jurisdictions offering adequate protection
- Adopt technical and organizational safeguards to ensure data security
- Appoint data protection officers as required by forthcoming regulations
- Comply with future rules issued by the national Data Protection Authority
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
AML Screening
Screen users against Politically Exposed Persons (PEP), watchlists, sanctions lists, adverse media, and more through one-time screening and advanced monitoring.
Transaction Monitoring
Monitor transactions in real-time and analyse past behaviour to identify suspicious activities and ensure regulatory compliance across the user journey.
Identity Verification
Use facial match and liveness checks paired with government ID verification to validate users while onboarding.
FAQ
Is Jordan's Data Protection Authority operational?
Not yet. The law provides for its creation, but it has not been established as of 2025.
What is the status of enforcement?
The law is in effect, but full enforcement is delayed pending the issuance of executive regulations.
Who must comply with this law?
All public and private entities in Jordan that process personal data, regardless of sector.
Are international data transfers allowed?
Yes, but only to countries deemed to provide adequate protection, or under approved conditions.