DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇶🇦 Middle East & North Africa

Cookie consent in قطر

Consent and privacy law in قطر

In short
Qatar was the first Gulf country to enact a generally applicable data protection law, Law No. 13 of 2016 on Personal Data Privacy Protection, now overseen by the data protection function within the National Cyber Security Agency. The law requires a lawful basis, transparency, and respect for individual rights, and gives special protection to data of a special nature such as health, ethnicity, and religion, which needs a permit from the regulator to process. There are also specific rules on direct marketing and on processing children's data. Fines reach up to 5 million riyals. Notices in Arabic are expected. The Qatar Financial Centre has its own separate data regime.
Authority
National Cyber Security Agency (NCSA) Compliance and Data Protection Department
Status

Law No. 13 of 2016 on Personal Data Privacy Protection, the first such Gulf law

Primary law
PDPPL
Languages

ar

Who must comply

Entities that process personal data electronically or as part of preparing to process it electronically in Qatar.

Penalties

Fines up to 5 million riyals for serious violations of the law

Key obligations

  • Obtain consent or rely on a clear lawful basis
  • Provide notice of the purpose of processing
  • Apply special protections for data of a special nature
  • Honor individual rights to access and correction
  • Notify the competent department of serious breaches

Local guidance

  • Apply Law No. 13 of 2016, overseen by the NCSA
  • Obtain a permit to process special nature data
  • Provide notices in Arabic
  • Note the separate Qatar Financial Centre regime

How ConsentX helps

  • Consent capture with a clear lawful basis
  • Added safeguards for special-nature data
  • Rights request intake and workflow
  • Consent receipts and evidence
  • Region rule engine tuned for Qatar
Get started free
yoursite.com
🇶🇦 Qatar

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Qatar using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Qatar.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Qatar requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Qatar audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Was Qatar the first Gulf state with a privacy law?+

Yes. Qatar enacted Law No. 13 of 2016, the first generally applicable data protection law in the Gulf region, ahead of similar laws in neighbouring states.

What is special nature data in Qatar?+

Special nature data includes information such as health, ethnicity, religion, and criminal records. Processing it requires a permit from the regulator, which is a distinctive feature of Qatar's law.

Governing law

🇶🇦 PDPPL

Other countries in Middle East & North Africa

🇦🇪 الإمارات العربية المتحدة🇸🇦 المملكة العربية السعودية🇧🇭 البحرين🇮🇱 ישראל🇹🇷 Türkiye🇪🇬 مصر