Bahrain – Criminal Offence to Breach Data Laws
The Personal Data Privacy Act (PDPL) of Bahrain (Law No. (30) of 2018) came into force on August 1, 2019. The PDPL aims to more closely align Bahrain's data protection framework with global best practices and regulates processing (broadly defined to include data collection, storage, disclosure, etc.) and data transfer in Bahrain. Although the legislation is now in effect, the new Personal Data Protection Authority to enforce the law has yet to be formed in Bahrain.
Bahrain's adoption of the PDPL may be part of a trend towards expanded data protection regulation by Gulf Cooperation Council (GCC) members. For example, in the coming years, the United Arab Emirates and Saudi Arabia can both adopt more stringent data protection laws.
For certain breaches, the PDPL provides criminal penalties. Data protection laws, on the other hand, are usually democratic in the European Union and the United States. Criminal violations include processing sensitive personal data in contravention of the PDPL or retention of the Authority's requested data, information, records or documents. The law applies to people who live and work in Bahrain.