Bahrain's Order No. 46 of 2022 outlines the regulations for Data Protection Guardians, both internal and external, as mandated by the Personal Data Protection Law (PDPL). It establishes a register for these guardians and sets forth the conditions for enrollment, including qualifications and ethical standards. The order empowers the Authority to require specific controllers to appoint a guardian.
Key requirements
- Data Controllers must notify the Authority of the appointment of a Data Protection Guardian within three working days.
- Individuals wishing to be accredited as a Data Protection Guardian must be enrolled in the Data Protection Guardians Register.
- External Data Protection Guardians (natural persons) must hold a Bachelor's Degree in information technology or a professional certificate in information security or have practical experience in related fields.
- External Data Protection Guardians (natural persons) must be of good reputation and not have been convicted of certain crimes.
Applies to: Data Controllers operating in Bahrain and individuals seeking accreditation as Data Protection Guardians (internal or external)