Law No. (13) of 2016 is a piece of data protection legislation that applies to all public institutions and private organizations across Qatar. Article (3) of the law asserts every Qatari citizen’s right to privacy of confidential data and requires that the processing of personal information be grounded in honesty, transparency, and respect for Qataris’ dignity (Compliance and Data Protection Department, n.d.). Among other things, the law’s provisions allow individuals to withdraw their prior consent to personal data processing, request the erasure or omission of personal data, and request rectifications to personal data. Qatar National Bank is obligated to adhere to Law No. (13) with regard to its management of employees’ personal data in the agency’s human resource and information technology departments. The primary objective of the current policy is to ensure efficient and effective data management for evidence-based and informed decision-making at Qatar National Bank.
The information technology department’s main responsibility under this policy will be maintaining the security and availability of the bank’s data infrastructure while limiting access to employees’ personal data to authorized users for administrative purposes. The IT department will also implement the necessary measures to reduce the risks of security breaches and unintentional disclosure of employees’ data. Some of the strategies to achieve data security will include improving IT department personnel’s understanding of recommended data management practices, implementing data access controls, and maintaining the security of the data systems. The human resource department at Qatar National Bank will be tasked with training employees on data protection, documenting best practices, enforcing worker data permissions, and outlining reporting procedures for data breaches to all employees. Additionally, the human resource department will collaborate with the information technology department in defining responsibilities and updating roles to ensure secure data access and use.
Reference
Compliance and Data Protection Department. (n.d.). Law no. 13 of 2016: Personal data privacy protection. Web.