Elaboration and Developing Privacy Policy Guideline – Introduction

This guideline aims to guide entities subject to the provisions of Personal Data Protection Law (Law) and its Implementing Regulations, through the preparation and development of their privacy policy, ensuring compliance with the “Right to Be Informed” stated in Article (4) of the Law, and further cited in Article (13) thereof. This also ensures entities’ compliance with Article (12) provisions, which obligate entities to prepare a privacy policy, as follows: “The Controller shall use a privacy policy and make it available to Data Subjects for their information prior to collecting their Personal Data. The policy shall specify purpose of Collection, Personal Data to be collected, means used for Collection, Processing, Storage and Destruction, and information about the Data Subject rights and how to exercise such rights .” This guideline shall also provide a standard template that can serve as guidance during the development of entities’ privacy policy, to ensure that regulatory requirements are met, and to clarify basic elements that shall be taken into account during policy development. The Law and its Implementing Regulations may be used as reference to determine terms and phrases mentioned in this guideline, and to determine regulatory requirements, as viewing this guideline cannot replace the need to refer to the provisions of the Law and its Implementing Regulations. This guideline is not considered a binding regulatory document, since the Law and its Implementing Regulations provisions serve as regulatory reference for the application of its provisions.