The Qatar Financial Centre (QFC), a leading onshore financial and business centre in the region, hosted a roundtable to provide an overview of the new data protection regulations and facilitate a structured discussion around key issues and challenges faced by firms.
The QFC data protection regulations and rules were introduced in 2005. Given the number of global developments relating to the handling and protection of data over the years, the QFC has recently reviewed and amended the regulations and rules to align with these developments.
“Data is increasingly becoming an important element for businesses. In parallel, the techniques to mine and retrieve personal and company information are multiplying and becoming more sophisticated," said Nasser al-Taweel, deputy chief executive and chief legal officer, QFC.
The QFC places immense importance on data protection and encourages firms to stay up-to-date with the latest data regulations to ensure their businesses and stakeholders are protected, according to him.
The session included a presentation covering six areas of data protection, including personal data processing, data subjects’ rights, data transfers, data controller and data processor obligations, data protection office, and remedies. It was followed by an open discussion to explore important aspects of the regulations and rules.
Daniel Patterson, commissioner, Data Protection Office, QFC, said safeguarding personal data from misuse, compromise or loss is not only a legal obligation but also an ethical one.
"Employing good data protection practices should be a standard conduct for any organisation. With increasing threats to data protection, regulations and rules must align with international best practice to reduce the risk of data theft and misuse by malicious parties,” he said.
The proposed changes in the data protection regulations and rules include the addition of a new article on the conditions for using consent as a legal basis for processing personal data; the publication of a list of ‘adequate’ jurisdictions to which data transfers are permitted without additional requirements; the provision for the establishment of the data Protection Office (DPO) as an institution of the QFC including the role of commissioner; the introduction of a number of remedies for individuals and the DPO; and the right to lodge a complaint with the DPO.