The general position in most of the GCC countries is that safeguarding an individual's personal data is provided for under general provisions of law rather than specifically focusing on the issue of “data privacy” or “data protection”. There are, of course, some exceptions to this, and the list of exceptions is growing steadily.

Europe is leading the international data protection charge with the GDPR but the GCC regions are certainly catching up. UAE, Oman and Saudi Arabia are all currently developing national data protection laws modelled on the GDPR.

Bahrain Law No. 30/2018 Issuing the Law on Personal Data Protection was issued in 2018 and came into force on 1 August 2019. Bahrain Law No. 30/2018 aims to be consistent with international best practices and includes the protection of individuals' privacy and specific consent requirements for data processing, as well as the creation of a PDPA. Bahrain Law No. 30/2018 is directly influenced by the country's ambitious plans to become a hub for data centres. The PDPA is responsible for implementing and enforcing the law.