The Ministry of Transport and Communications ('MOTC') announced, on 31 January 2021, the release of guidelines on the Personal Data Privacy Protection Law No.13 of 2016 ('PDPPL') for regulated entities as well as guidelines for individuals. In particular, the MOTC outlined that the guidelines aim to help individuals, regulated entities and stakeholders to understand their respective responsibilities, rights and practices under the law. More specifically, the guidelines for regulated entities include assistive tools and guidance to support compliance with the law, consisting of:

• a personal data breach notifications form and guideline;
• a special nature processing permission request form;
• a controller and processor guideline;
• Data Privacy by Design and by Default guideline;
• Data Privacy Impact Assessment guideline and template;
• electronic communications for direct marketing guideline;
• exemptions applicable to competent authorities under Article 18 guideline;
• exemptions applicable to data controllers under Article 19 guideline;
• individual complaints guideline;
• individual rights guideline;
• Personal Data Management System ('PDMS') checklist;
• principles of data privacy guideline;
• privacy notice guideline;
• record of processing activities guideline and template; and
• special nature processing guideline.

Furthermore, the Compliance and Data Protection ('CDP') outlined that the guidelines do not apply to personal data processed by individuals themselves within the scope of their personal or familial lives. Moreover, the CDP clarified that regulated entities must decide exactly which precautions to take and how, considering their specific organisational circumstances.

In addition, the CDP noted that it will take measures to ensure the implementation of and compliance with the PDPPL.

You can read the MOTC press release here, the CDP guidance hub here, and access the guidelines for regulated entities and the guidelines for individuals here.