In the digital age, the data is a high-stakes asset. Recognising this, Oman’s Personal Data Protection Law (PDPL), issued by Royal Decree 6/2022, sets some serious obligations for data controllers and processors to protect and respect the personal data of users. If these data controllers and processors fail to fulfil their obligations, the law imposes serious penalties for non-compliance. This blog post will provide an overview of the penalties imposed under the PDPL.
Violating the PDPL can result in fines ranging from 500 Rial Omani to 500,000 Rial Omani depending on the nature of the violations as specified by the provisions of articles 25 to 29 of the PDPL.
Minor Violations
The smallest penalty under the PDPL is a fine between 500 and 2,000 Rial Omani if a person violates article 14 of the law, which requires a data controller to notify a data subject in writing of a specific set of information prior to processing the personal data.
Moderate Violations
The next scale of penalties is a fine between 1,000 and 5,000 Rial Omani, which is imposed if a person violates articles 15, 16, 17, 18, 20, or 22 of the law. Examples of such violations would be the failure to appoint an external auditor to verify that the processing is conducted in accordance with the law.
Serious Violations
If a person violates the provisions of article 13, a fine will be imposed against them between 5,000 and 10,000 Rial Omani. This article is violated if a data controller fails to put in place controls and procedures required to comply with data processing requirements, such as controls for determining the risks that a data subject is exposed to when their personal data is processed.
Major Violations
Higher fines are imposed for those who violate the provisions of articles 5, 6, 19, and 21 that range between 15,000 and 20,000 Rial Omani. Violations that can result in such fines include processing sensitive personal data, such as the processing of fingerprints, without the prior permission of the MTCIT.
Grave Violations
The biggest fine under the law, and probably one of the biggest fines in the whole Omani legal system, is the fine imposed when someone violates the provisions of article 23, which can result in a fine between 100,000 and 500,000 Rial Omani. This fine will be imposed when a person processes personal data outside the Sultanate of Oman in violation of the law.
Conclusion
The penalties imposed under the Personal Data Protection Law are extremely serious and can go up to 500,000 Rial Omani. It is highly recommended that all companies make themselves familiar with the Personal Data Protection Law by reading it on the link below:
