QFC Issues First-Ever Data Protection Fine: $150,000
In October 2024, the Qatar Financial Centre Authority issued its first-ever enforcement action under the QFC Data Protection Regulations 2021, imposing a $150,000 fine on an unnamed QFC-licensed financial services firm. The penalty arose from a data breach in December 2022, with investigation spanning 2023-2024. The firm violated multiple QFC DPR provisions including security controls, audit logging, and the mandatory 72-hour breach notification requirement.
Executive Summary
KEY FACTS
- WhatQFC Authority issued its first-ever data protection enforcement action.
- WhoAn unnamed QFC-licensed financial services firm and its clients.
- Data ExposedClient personal and financial data; specific categories not publicly disclosed.
- Outcome$150,000 fine for security, logging, and breach notification failures.
References
SOURCES
QFC Authority Enforcement Decision, QFC Data Protection Regulations 2021