In a significant move to strengthen personal data safeguards, regulatory authorities in Bahrain have announced new mandates requiring organisations to appoint Data Protection Officers (DPO). These requirements align with the Personal Data Protection Law (PDPL) and implemented under Order No. (46) of 2022, issues by the Personal Data Protection Authority of Bahrain (PDPA). ​

Sector-specific directives have been issued across key industries, including: ​

Financial Sector ​
The Central Bank of Bahrain (CBB) now requires all licensed financial institutions to appoint a DPO. Institutions may choose an internal or external guardian but must ensure full PDPL compliance. ​

Telecommunications ​
Following its classification as a high-risk sector for personal data processing, the Telecommunications Regulatory Authority (TRA) has directed all licensed operators to appoint a DPO. Appointed individuals must fulfil the duties outlined under the PDPL. ​

Healthcare ​
The National Health Regulatory Authority (NHRA) has issued a directive mandating all private healthcare facilities – hospitals, medical centers, and laboratories – to appoint a DPO, either internally or via an external DPO. ​

In addition to these sector-specific measures, all organisations are required to notify the PDPA of the appointment within 3 days of a DPO’s appointment. Registration with the PDPA is mandatory for all appointed DPOs, regardless of whether they are internal or external. ​

These steps reflect a broader push toward unified compliance and enforcement under Bahrain’s national data privacy framework. ​

Our lawyers are fully up to date on these developments. For further guidance, contact us at ASARBH@asarlegal.com.