General Data Protection Rules

Overview

  • Kuwait has several laws governing data protection, including Kuwait Law No. 20/2014 On Electronic Transactions, Kuwait Law No. 63/2015 On Combating Cyber Crimes, Kuwait Law No. 12/2020 Concerning the Right to Information and Kuwait Administrative Decision No. 26/2024 Concerning the Issuance of the Data Privacy Protection Regulation.

  • Data protection is regulated by authorities such as the Communication and Information Technology Authority (CITRA), the Central Agency for Information Technology (CAIR), and the Electronic Cyber Crime Combatting Department (ECCCD).

  • Individuals can access, amend, and request the deletion of their personal data. The consent of the individual is required for data collection, processing, and transfer.

  • Kuwait Administrative Decision No. 26/2024 shares similarities with the General Data Protection Regulations (GDPR) issued by the European Union (EU) but has notable differences in scope and enforcement.

  • Kuwait-based companies offering goods or services to EU consumers, needs to comply with the GDPR.

Definitions

  • CITRA: Kuwait's Communication and Information Technology Regulatory Authority.

  • CAIR: Central Agency for Information Technology.

  • ECCCD: Electronic and the Cyber Crime Combatting Department.