In April 2021, Kuwait's Communication & Information Technology Authority (CITRA) released the data privacy protection regulation (no. 42 of 2021). It is only applicable to telecommunication companies, but discusses important points that many international laws discuss, such as maintaining privacy of data, informing clients of the purpose of the collection of data, to whom it may be disclosed to and many more details that are up to the global standard. But some important clauses are missing, such as how to use the information to market to clients, or the security of the data.
Today I will be answering the most common questions I receive from companies, especially small business owners of tech companies.
Question: As a business owner, how do I make sure that I am following the laws and protecting my customers?
Fajer: The law states a few important things, but more importantly, you need to be clear in your privacy policy what information you are collecting, why are you collecting it, and if you are sharing any information, you need to mention who are the third parties you are sharing the info with.
Question: I know that the new data law only applies to communication companies - does that mean it does not apply to my company, a tech company specialized in selling products?
Fajer: In Kuwait, we also have law no. 20 of 2014 concerning electronic transactions that applies in general to companies, and states that certain data needs to be protected. With that said, it is always important to make your customers feel protected, and protect the data yourself.