Help Center · Framework guide
Middle East & GCC Personal Data Protection
ME Privacy · Privacy · Middle East · v2024–2025
Overview
Middle East & GCC Personal Data Protection (ME Privacy) — Unified privacy controls for UAE Federal PDPL, KSA PDPL, Qatar, Bahrain, Oman, and Jordan — lawful processing, data subject rights, transfers, breach notification, and DPO obligations. ComplAI maps this framework’s controls so your team can track implementation, evidence, and audit readiness.
28 controls available in ComplAI for this framework.
Who it's for
- Organizations that must demonstrate ME Privacy compliance
- Security and compliance teams operating in Middle East
- Customers and partners that require ME Privacy assurance
Why it matters
ME Privacy is a recognized privacy framework. Activating it in ComplAI lets you manage controls, evidence, and readiness in one place.
How ComplAI helps
- Activate ME Privacy in the Framework Library to load its control catalog
- Assign owners, track compliance status, and attach evidence per control
- Use risk register and issues workflows when controls fail or deviate
- Export readiness views for leadership and auditors
Sample controls
- governance
Gov. 1
Privacy governance and accountability
- governance
Gov. 2
Data Protection Officer appointment
- data protection
Gov. 3
Record of processing activities (RoPA)
- data protection
Law. 1
Lawful basis for processing
- data protection
Law. 2
Valid consent
- data protection
Law. 3
Privacy notice and transparency
Getting started
- Open Framework Library and activate ME Privacy
- Review the control list and prioritize high-impact domains
- Attach policies, procedures, and technical evidence
- Mark controls audit-ready and monitor residual gaps
