Presently, Kuwait does not have a comprehensive data protection law or a single data protection authority. For that reason, data protection and data transfer in the financial industry is regulated by multiple statutes and sectoral regulations and guidelines. While no specific law, regulation or guidelines govern the use of cloud services in the financial industry, general guidelines and practices regarding banking secrecy and confidentiality provide a rough guide as to what sort of measures and precautions financial entities using cloud services should undertake. When evaluating whether financial service entities are protecting the privacy and security of the financial data entrusted to them, authorities retain a broad discretion and are free to impose new requirements.

Cloud services : An on-demand Internet service made available to users from a cloud computing provider's server.

Cloud computing : Use of a network of remote servers hosted on the Internet to store, manage and process data instead of using a local and on-premises server or computer.

CDD/KYC : Customer due diligence/Know Your Customer.

GDPR : The EU General Data Protection Regulation.

CBK : The Central Bank of Kuwait.