Back to Frameworks

Oman Personal Data Protection Law (Royal Decree 6/2022)

Oman
v2022 (effective 2023)
8 domains
8 controls

Oman's Personal Data Protection Law (Royal Decree 6/2022), effective February 2023, establishes a comprehensive data protection framework. The Ministry of Transport, Communications, and Information Technology (MTCIT) oversees enforcement. The law covers processing principles, consent requirements, data subject rights, cross-border transfers, breach notification, and data protection officer requirements. Applies to processing of personal data by controllers and processors in Oman. Data localisation requirements for certain categories of data. One of the most comprehensive data protection laws in the Gulf region.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (8)

Automated Decisions, Children, Marketing

1 controls
Controls in the Automated Decisions, Children, Marketing domain of Oman Personal Data Protection Law (Royal Decree 6/2022)1 controls
CodeTitle
OMANPDPL-7Automated Decision-Making, Profiling, Children, Direct Marketing

Breach + RoPA + Processors

1 controls
Controls in the Breach + RoPA + Processors domain of Oman Personal Data Protection Law (Royal Decree 6/2022)1 controls
CodeTitle
OMANPDPL-5Breach Notification (72 hours), Records of Processing, Processor Engagement

International Transfers

1 controls
Controls in the International Transfers domain of Oman Personal Data Protection Law (Royal Decree 6/2022)1 controls
CodeTitle
OMANPDPL-6International Data Transfers and Cross-Border Controls

Minimisation and Retention

1 controls
Controls in the Minimisation and Retention domain of Oman Personal Data Protection Law (Royal Decree 6/2022)1 controls
CodeTitle
OMANPDPL-3Data Minimisation, Purpose Limitation, Retention, Secure Deletion

Notice and Rights

1 controls
Controls in the Notice and Rights domain of Oman Personal Data Protection Law (Royal Decree 6/2022)1 controls
CodeTitle
OMANPDPL-2Privacy Notice, Transparency, Data Subject Rights

Scope and Lawful Processing

1 controls
Controls in the Scope and Lawful Processing domain of Oman Personal Data Protection Law (Royal Decree 6/2022)1 controls
CodeTitle
OMANPDPL-1Scope, Lawful Basis, Consent, and Sensitive Data Protection

Security and Privacy by Design

1 controls
Controls in the Security and Privacy by Design domain of Oman Personal Data Protection Law (Royal Decree 6/2022)1 controls
CodeTitle
OMANPDPL-4Security of Processing, Privacy by Design, Impact Assessment

Supervision and Enforcement

1 controls
Controls in the Supervision and Enforcement domain of Oman Personal Data Protection Law (Royal Decree 6/2022)1 controls
CodeTitle
OMANPDPL-8Supervision, Enforcement, Penalties, and DPO Designation

Frequently Asked Questions

What is Oman Personal Data Protection Law (Royal Decree 6/2022)?

Oman Personal Data Protection Law (Royal Decree 6/2022) is a compliance framework from Oman with 8 domains and 8 controls. Oman's Personal Data Protection Law (Royal Decree 6/2022), effective February 2023, establishes a comprehensive data protection framework. The Ministry of Transport, Communications, and Information Technology (MTCIT) oversees enforcement. The law covers processing principles, consent requirements, data subject rights, cross-border transfers, breach notification, and data protection officer requirements. Applies to processing of personal data by controllers and processors in Oman. Data localisation requirements for certain categories of data. One of the most comprehensive data protection laws in the Gulf region. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Oman Personal Data Protection Law (Royal Decree 6/2022) have?

Oman Personal Data Protection Law (Royal Decree 6/2022) has 8 controls organised across 8 domains. The largest domains are Automated Decisions, Children, Marketing (1 controls), Breach + RoPA + Processors (1 controls), International Transfers (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Oman Personal Data Protection Law (Royal Decree 6/2022) map to?

Oman Personal Data Protection Law (Royal Decree 6/2022) does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.

How do I get started with Oman Personal Data Protection Law (Royal Decree 6/2022) compliance?

Start your Oman Personal Data Protection Law (Royal Decree 6/2022) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Oman Personal Data Protection Law (Royal Decree 6/2022) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.

Get Started Free →

Free forever — no credit card required