Oman’s authorities are drafting a Data Protection Law that when promulgated will introduce robust, internationally accepted standards of personal data protection in the Sultanate.
The proposed legislation will also fuel the pace of the digital transformation of local businesses, the banking and financial services sector, and the wider national economy, according to the Executive President of the Central Bank of Oman (CBO).
“The law relating to data protection is in the draft stage,” Tahir Salim al Amri said. “Data, as you are aware, is the critical core in digitalisation, but needs to be handled with the requisite care, as existing and new start-ups embarked on their digital journey need to factor in this important consideration of requisite care in their business models.”
Speaking at a banking forum held in the city recently, Al Amri further stated: “The industry needs to be cognisant about (data use) authorisation. They should also ensure confidentiality and security of data, and exercise caution in sharing customer data within the confines of the law.”
On a related note, the country’s apex bank is also formulating guidelines to strengthen customer protection in general, the Executive President said. “The Central Bank is working on a comprehensive customer protection framework for customers of our licensed institutions,” he stated.
When eventually enacted, the new Data Protection Law will add the Sultanate to the ranks of countries that have put in place strict legislation to safeguard privacy of persona data.
According to data experts, the international benchmark on which the data privacy laws of most countries are modelled is the General Data Protection Regulation (GDPR), a ground-breaking piece of legislation that came into force across the European Union (EU) in 2018. It confers international protection to the personal data of any EU national, effectively safeguarding their data and information from potential misuse within and outside the EU. Such threats can take the form of fraud, phishing scams and identity theft, among other perils.
Types of personal information that will be covered by the proposed data protection law will include common pieces of data, such as names, addresses, phone numbers, emails, banking and credit card details, health information, and so on. Businesses and employers, for example, will also be obligated to protect, among other data, employee records, customer details, loyalty schemes, financial transactions, and so on.
Besides safeguarding all such personal data from possible misuse and abuse, businesses and employers are also barred from sharing these details with unauthorised third-parties. They are also required to invest in robust IT and cyber-security measures to keep their data safe.