General Data Protection Rules
Overview
Kuwait has several laws governing data protection, including Kuwait Law No. 20/2014 On Electronic Transactions, Kuwait Law No. 63/2015 On Combating Cyber Crimes, Kuwait Law No. 12/2020 Concerning the Right to Information and Kuwait Administrative Decision No. 26/2024 Concerning the Issuance of the Data Privacy Protection Regulation.
Data protection is regulated by authorities such as the Communication and Information Technology Authority (CITRA), the Central Agency for Information Technology (CAIR), and the Electronic Cyber Crime Combatting Department (ECCCD).
Individuals can access, amend, and request the deletion of their personal data. The consent of the individual is required for data collection, processing, and transfer.
Kuwait Administrative Decision No. 26/2024 shares similarities with the General Data Protection Regulations (GDPR) issued by the European Union (EU) but has notable differences in scope and enforcement.
Kuwait-based companies offering goods or services to EU consumers, needs to comply with the GDPR.
Definitions
CITRA: Kuwait's Communication and Information Technology Regulatory Authority.
CAIR: Central Agency for Information Technology.
ECCCD: Electronic and the Cyber Crime Combatting Department.