Jordan PDPL

Personal Data Protection Law (Law No. 24 of 2023)

Jordan's data protection law with medical data processing exceptions, data portability rights, and oversight including security services.

Jurisdiction

Jordan

Enacted

Jun 1, 2023

Effective

Mar 1, 2025

Enforcement

Data Protection Council (includes security services representation)

Medical data exceptions; oversight includes security services

DataGuidance Jordan Overview

Why It Matters

Jordan's medical data exceptions and security services oversight create unique compliance considerations for mental health chatbots serving Jordanian users.

Recent Developments

Enforcement began March 2025

At a Glance

Applies to

Mental Health AppGeneral Chatbot

Requires

Transparency User Rights

Who Must Comply

Data controllers and processors in Jordan
Entities processing data of Jordanian residents
Medical and health data processing

Obligations fall on:

Safety Provisions

Medical data with specific exceptions
Data portability rights
Security services oversight role
Breach notification required
Cross-border transfer restrictions

Exemptions

Medical Data Exceptions

Specific exceptions for medical data processing

• Compliance with healthcare regulations

Compliance & Enforcement

Penalties

Fines and administrative sanctions

Primary Source

DataGuidance Jordan Overview

https://www.dataguidance.com/

View on map

Jordan

Focus Areas

Mental health & crisis

Cite This

APA

Jordan. (2023). Personal Data Protection Law (Law No. 24 of 2023).

Related Regulations

In Effect IL

Israel Privacy Amendment 13

Israel's most significant privacy reform in 40 years, explicitly covering AI systems. Requires Data Protection Officers (DPOs) for entities processing sensitive data at scale, mandates Data Protection Impact Assessments (DPIAs) before AI deployment, and enhances Protection of Privacy Authority enforcement powers. One of first data protection laws to explicitly require DPIAs before AI development or deployment.

In Effect SA

Saudi Arabia PDPL

Saudi Arabia's comprehensive personal data protection law with extraterritorial scope, DPO requirements for sensitive processing, and National Data Governance Platform registration.

In Effect OM

Oman PDPL

Oman's data protection law with world's strictest health data regulation: outright BAN on health data processing without Ministry of Health permit. Also requires 72-hour breach notification.

In Effect EG

Egypt AI Strategy 2025

Ambitious national strategy positioning Egypt as regional AI hub for Africa and Middle East. Targets 7.7% ICT sector GDP contribution by 2030, training 30,000 AI specialists, establishing 250 AI companies. Built on six strategic pillars: governance, infrastructure, technology, data, ecosystem, and talent. Accompanied by Egyptian Charter for Responsible AI (April 2023) with ethics principles.

In Effect QA

Qatar QCB AI Guidelines

Binding AI governance requirements for Qatar's financial sector. Mandates board-level accountability, risk assessments, human-in-the-loop for high-impact decisions, and prior QCB approval for high-risk AI systems.

In Effect AE

UAE Media Law

Comprehensive media regulation requiring licensing for all digital platforms, social media operations, and influencers. 20 binding content standards with significant penalties.

All regulations Check if this applies to you

Last updated January 22, 2026. Verify against primary sources before relying on this information.