This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

Forensic Data Collection in the GCC - Appendix A

GCC and neighboring countries - Data Compliance related laws and regulations

Please note that this is not an exhaustive list of laws and regulations relating to data compliance. With thanks to Takamasa Makita and Ben Smith of Clyde & Co, Dubai and Nick O'Connell of Al Tamimi, Dubai. 

United Arab Emirates

Constitution of the United Arab Emirates



Federal Law No. 8 of 1980, Labor Law

Federal Law No. 3 of 1987, Penal Code

Federal Law No. 1 of 2006, Electronic Transactions & Commerce

Federal Law No. 5 of 2012, Cyber Crimes


Free Zones

TECOM Code of Guidance (2003)

DIFC Law No. 1 of 2007, Data Protection

DHCC Regulation No. 7 of 2008, Patient

Healthcare Information in the DHCC

Twofour54, Abu Dhabi Content Code (2011)



Telecommunication Regulator Authority, Privacy of Consumer Information Policy (2005)



Royal Decree No. 101 of 1996, Basic law of the Sultanate of Oman (Constitution)

Royal Decree No. 7 of 1974, Penal Code

Royal Decree No. 69 of 2008, Law of Electronic Transactions

Resolution No. 113 of 2009, Regulations on Protection of the Confidentiality and Privacy of Beneficiary Data



Constitution of Qatar (2004)

Law No. 11 of 2004, Penal Code

Law No. 14 of 2004, Labor Law

Law No. 5 of 2005, Protection of Trade Secrets

Law No. 34 of 2006, Telecommunications

Law No. 16 of 2010, Electronic Commerce and Transactions Law

Qatari Central Bank concerning the Instructions to Banks (November 2011)

QFC Regulations No. 6 of 2005 concerning the Data Protection Regulations



Constitution of Kuwait (1962)

Decree Law No. 32 of 1968, Central Bank of Kuwait Law

Decree Law No. 38 of 1980, Civil and Commercial Procedure

Decree Law No. 64 of 1999, Intellectual Property Rights Instruction 2/BS, BSI/278/2012 of Central Bank of Kuwait, Banking Confidentiality


Kingdom Saudi Arabia

Royal Decree No. A/90, dated 27.8.1412H (1 March 1992), Basic Law of Rule (Constitution)

Royal Decree No. M/12 dated 12.3.1422H (3 June 2001), Telecommunications Law

Royal Decree No. M/17 dated 8.3.1428H (26 March 2007), Anti-Cyber Crime Law



The Constitution of the Hashemite Kingdom of Jordan (1952)


Decree No. 15 of 1976, Penal Code

Decree No. 7 of 2003, Trade Secrets



Law No. 58 of 1937, Criminal Code

Law No. 131 of 1948, Civil Code

Law No. 88 of 2003, Banking Law (Central Bank, Banking Sector and Monetary System) Law No. 205 of 1990, Bank Secrecy



Constitution of Lebanon (1926)

Law No 349 of 1943, Criminal Code

Law of 3 September 1956, Banking Secrecy

Law No. 8 of 1970, Code Regulation the Legal Profession

Law No. 659 of 2005, Consumer Protection Code

Law No. 112 of 1959, Rules of Civil Servants

Code of Medical Ethics (1994)

Material on this website is © 2014 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see “About Deloitte” for a more detailed description of DTTL and its member firms.

Get connected
Share your comments


More on Deloitte
Learn about our site