Key Data and Cybersecurity Laws
What are the key data privacy laws and regulations?

Last review date: 16 December 2025

The primary laws relevant to privacy and data protection are:

  • Law No. 30 of 2018 on the Personal Data Protection Law ("PDPL")
  • Ministry of Justice, Islamic Affairs and Waqf Executive Orders:
    • No. 42 of 2022 regarding the transfer of personal data outside the Kingdom of Bahrain
    • No. 43 of 2022 regarding the conditions to be met in the technical and organizational measures that guarantee protection of personal data
    • No. 44 of 2022 regarding the rules and procedures for submitting notifications and prior authorization requests to the Personal Data Protection Authority
    • No. 45 of 2022 regarding the rules and procedures for processing sensitive personal data
    • No. 46 of 2022 regarding Data Protection Guardians
    • No. 47 of 2022 determining the fees of enrollment and renewal in the Data Protection Guardians register and cases of waiver and refund
    • No. 48 of 2022 regarding the Data Subject's Rights (amended by Decision No. 80 of 2025, establishing data portability rights)
    • No. 49 of 2022 with respect to rules and procedures governing submission of complaints regarding violations of the Personal Data Protection Law
    • No. 50 of 2022 determining the controls and safeguards for protecting the confidentiality of data concerning instituting and pursuing of criminal proceedings, and related judgements
    • No. 51 of 2022 regarding the conditions to be met while creating registers accessible to the public

What are the key cybersecurity laws and regulations?

Last review date: 16 December 2025

Cybersecurity is a fundamental pillar of the Kingdom of Bahrain’s national ICT framework. The Kingdom has established a national cybersecurity framework governed by the General Directorate of Anti-Corruption and Economic and Electronic Security within the Ministry of Interior. This framework addresses cybersecurity across key sectors, including energy, finance, education, and health.

In addition to the security-related provisions in the PDPL and its Executive Orders, the primary laws relevant to cybersecurity include:

  • Law No. 16 of 2014 regarding the Protection of Information and State Documents
  • Law No. 2 of 2017 Ratifying the Arab Agreement on Combating IT Crimes
  • Law No. 60 of 2014 regarding IT Crimes
  • Decree Law No. 54 of 2018 for Issuance of Letters and Electronic Transactions
  • Prime Ministerial Decree No. 36 of 2018 regulating the technical requirements for sending, receiving, and updating the electronic records and signatures of public bodies

What are the key laws and regulations relating to non-personal data?

Last review date: 16 December 2025

  • Law No. 16 of 2014 regarding the Protection of Information and State Documents: This law mandates the protection of sensitive information and state documents, ensuring their security and confidentiality.
  • Law No. 2 of 2017 Ratifying the Arab Agreement on Combating IT Crimes: This law focuses on combating various forms of IT crimes, including those involving non-personal data.
  • Law No. 60 of 2014 regarding IT Crimes: This law addresses offenses related to information technology, including unauthorized access and data breaches involving non-personal data.
  • Decree Law No. 54 of 2018 for Issuance of Letters and Electronic Transactions: This law regulates electronic transactions, ensuring their security and integrity, which is crucial for the protection of non-personal data.
  • Prime Ministerial Decree No. 36 of 2018: This decree sets technical requirements for sending, receiving, and updating electronic records and signatures of public bodies, which includes non-personal data.