This Practice Notes discusses data protection in Bahrain and explores the effect of the European General Data Protection Regulation (GDPR) in Bahrain.

It explains what the GDPR is, why, and how the GDPR has extraterritorial effects of concern to Bahrain. It also discusses the limitations of enforcement of such extraterritorial impacts. It compares the GDPR and Bahrain Law No. 30/2018 issuing the Law on Personal Data Protection (PDPL). The PDPL is the only countrywide (along with Qatar Law No. 13/2016) data protection law within the Gulf Corporation Council (GCC). Therefore, this comparison intends to highlight fundamental differences in compliance requirements and enforcement for organisations based in Bahrain.

Data subject : An identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.