Data localization and regulation of non-personal data | Bahrain | Global Data and Cyber Handbook

Data localization and regulation of non-personal data

Jump to

Data localization and regulation of non-personal data Start Comparison

Are there data localization/data residency or other types of laws that may require the retention and storage of data in the local jurisdiction, or prohibit the transfer of data out of the jurisdiction?

Last review date: 31 December 2024

The PDPL does not mandate the retention and storage of personal data within the Kingdom. However, the transfer of personal data outside Bahrain is regulated. According to Executive Order No. 42 of 2022, personal data can only be transferred to countries or regions that provide adequate protection for personal data as determined by the Authority. The Authority has listed 83 countries that meet these criteria. Data controllers may transfer personal data to these countries without prior authorization. For transfers to countries not on the list, data controllers must obtain permission from the Authority, ensure the data subject has consented, or meet specific conditions such as contractual necessity or vital interest protection.

Does law or regulation impose mandatory requirements to share or make accessible non-personal data?

Last review date: 31 December 2024

Obligation for public sector organizations to share or make accessible non-personal data

Bahrain Government has an Open Data Policy incorporating a commitment to making non-sensitive data more accessible and easily shareable.

What specific obligations do these data-sharing rules impose on private organizations?

Last review date: 31 December 2024

N/A. The Open Data Policy applies only to the public sector.

Global Data and Cyber Handbook

Bahrain

Select a Topic