Personal Data Protection Council

The Personal Data Protection Council is a national body responsible for regulating and managing personal data protection affairs in the Kingdom. The council was established under the Personal Data Protection Law No. (24) of 2023 and is chaired by the Minister of Digital Economy and Entrepreneurship, with members representing both government and private sector entities from specialized fields. The term of council membership is four years, renewable once.

Council Responsibilities

The Council shall assume the following tasks and powers:

1. Approving policies, strategies, plans, and programs related to Data protection and monitoring their implementation.
2. Adopting standards and measures for Data protection, including codes of conduct governing the proper performance of Controller and Processor duties.
3. Issuing licenses and permits for the storage, Processing, Profiling, and transfer of Data.
4. Adopting models related to obtaining Consent, withdrawing Consent, objections, and requests submitted by the Data Subject by the provisions of this law.
5. Reviewing the complaints and requests submitted by the Data Subject or by their representative against the Controller, or those submitted by one Controller against another Controller, and taking the necessary actions regarding them.
6. Providing opinions on treaties, agreements, regulations, and instructions related to Data.
7. Representing the Kingdom in local, regional, and international forums related to Data protection.
8. Issuing a regularly updated list of countries, entities, or international or regional organizations recognized by the Kingdom to have a sufficient level of Data protection and publishing it through appropriate means.
9. Proposing international cooperation plans in the field of Data protection with international entities and organizations.
10. Coordinating and cooperating with governmental and non-governmental entities to ensure the safety of Data protection procedures.
11. Approving the annual report on Data protection prepared by The Unit and submitting it to the Council of Ministers.
12. Adopting the instructions related to the provisions of this law.
13. Any other tasks related to Data Protection.

Current Members of the Personal Data Protection Council

• Council Chairperson: Minister of Digital Economy and Entrepreneurship – H.E. Eng. Sami Issa Smeirat.
• Deputy Chairperson: Information Commissioner – Dr. Nidal Al-Ahmad.
• General Commissioner for Human Rights – H.E. Mr. Jamal Hamed Al-Shamayleh.
• President of the National Cybersecurity Center.
• Representative of the Central Bank – Ms. Maha Al-Abdallat.
• Two representatives from security agencies.
• Representative of the Information Technology Sector – Dr. Moataz Al-Nabulsi.
• Representative of the Telecommunications Sector – Mr. Ruslan Diraneyah.
• Representative of the Banking Sector – Dr. Maher Al-Mahrouq.
• Expert in the field – Mr. Basel Al-Barghouthi.