Start OneTrust-to-PrivacyEngine migration today 🔁 Effortless switch now available Learn More!

Podcast

Qatar Data Protection Law Explained: PDPPL, Rights and AI

A practical podcast discussion on consent, sensitive data, individual rights, breach reporting, cross-border transfers, children’s privacy, and AI governance in Qatar

Understanding Qatar’s PDPPL: Data Rights, Compliance and AI

In this episode of the International Data Protection Regulation Podcast, Dr. Maria Maloney and Katie Birch take a practical look at Qatar’s Personal Data Privacy Protection Law, Law No. 13 of 2016, and what it means for organisations handling personal data in the region. The discussion is especially useful for privacy professionals, legal teams, compliance leaders, cybersecurity specialists, and anyone trying to understand how Gulf privacy frameworks are evolving alongside global standards.

The episode begins by setting out the foundations of Qatar’s privacy regime and explaining why the law matters. The hosts outline how personal data is defined, what types of information fall into more sensitive categories, and why Qatar takes a particularly strict view of certain forms of processing. One of the most interesting themes in the discussion is the law’s strong emphasis on consent, especially when compared with broader lawful basis models seen elsewhere. That makes this episode valuable for businesses reviewing data collection practices, marketing activities, and internal governance controls.

The podcast also walks through the rights available to individuals under the law, including rights connected to access, correction, withdrawal of consent, objection, and erasure. From there, the conversation shifts to the obligations placed on organisations, including accountability measures, internal systems, risk reviews, processor oversight, complaint handling, and the practical importance of maintaining a structured privacy programme.

Another standout part of the episode is the treatment of breach notification, penalties, and enforcement. The hosts explain how Qatar approaches serious harm, what organisations may be expected to report, and why regulators are increasingly focused on evidence of operational readiness rather than policy language alone. The conversation also covers cross-border transfers, online privacy, direct marketing, and enhanced protections for children’s data.

Finally, the episode looks ahead to AI. While Qatar does not yet have a standalone AI law discussed in the same way as the EU AI Act, the podcast highlights how privacy law, soft-law AI principles, and ethical governance are beginning to overlap. That makes this episode not just a summary of current law, but a useful guide to where privacy and AI compliance in Qatar may be heading next.