Bahrain's Order No. 42 of 2022 outlines the regulations for transferring personal data outside of the Kingdom of Bahrain, as per the Personal Data Protection Law No. 30 of 2018. It specifies conditions under which data controllers can transfer data, including transfers to countries listed in an attached record and transfers authorized by the Personal Data Protection Authority.
Key requirements
- Data Controllers must obtain prior authorization from the Authority to transfer data to countries not listed in the attached record.
- Prior authorization requests must be submitted on the Authority's prescribed form, including details about the Controller, Processor, data nature, processing purpose, and data protection measures in the destination country.
- Data Controllers transferring data within a regional or international group to countries not on the approved list must comply with Article 3 requirements and adhere to corporate rules, if present.
Applies to: Data Controllers operating in the Kingdom of Bahrain who transfer personal data outside of Bahrain