🇴🇲 Live Privacy & Data Protection

Oman Personal Data Protection Law (Royal Decree 6/2022)

Establishes a comprehensive framework for the protection of personal data in the Sultanate of Oman, including requirements for data processing, consent, cross-border transfers, and data subject rights. Applies to all entities processing personal data within Oman or of Omani residents.

View official source document

Rules extracted

Obligations decomposed

6.4x

Avg obligations per rule

🇴🇲 Oman

Jurisdiction

About this regulation

Royal Decree 6/2022, issued in February 2022 and enforceable from February 2023, establishes comprehensive personal data protection requirements for the Sultanate of Oman. The law comprises 32 articles in five chapters covering definitions and general provisions, Ministry duties and powers, data subject rights, controller and processor obligations, and penalties. It governs the processing of personal data by natural and legal persons in both public and private sectors, requires explicit written consent, establishes sensitive data protections including a permit requirement from the Ministry, creates data subject rights including portability and erasure, and imposes graduated criminal fines. Fully enforceable from 5 February 2026 after the transition period.

What AuditDSS covers

Source

Regulation

Extracted

Rules

Decomposed

Obligations

6.4x

Decomposition ratio

Each rule is decomposed into an average of 6.4 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 32 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in Royal Decree 6/2022 is scored across independent risk dimensions:

Obligation Weight

How critical within the regulatory framework

Violation Likelihood

How often breached in practice

Enforcement Evidence

Regulator enforcement history and penalties

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title: Oman Personal Data Protection Law (Royal Decree 6/2022)
Regulatory body: Ministry of Transport, Communications and Information Technology
Jurisdiction: 🇴🇲 Oman
Document type: law
Effective date: February 13, 2023
Issuing authority: Sultanate of Oman — Ministry of Transport, Communications and Information Technology
Industry: Privacy & Data Protection
Official source: View source document ↗

Who this applies to

data controllersdata processorsgovernment entitiesprivate sector organizations processing personal data in Oman

Key requirements

lawful basis for processing personal data
data subject rights (access, rectification, erasure, portability)
consent requirements
cross-border data transfer restrictions
data protection impact assessments
data breach notification
appointment of data protection officer
special category data protections

Frequently asked questions about Royal Decree 6/2022

What is Royal Decree 6/2022?

Who does Royal Decree 6/2022 apply to?

Royal Decree 6/2022 applies to data controllers, data processors, government entities, private sector organizations processing personal data in Oman.

How many obligations does Royal Decree 6/2022 contain?

AuditDSS has decomposed Royal Decree 6/2022 into 32 atomic obligations from 5 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of Royal Decree 6/2022?

The key requirements include: lawful basis for processing personal data, data subject rights (access, rectification, erasure, portability), consent requirements, cross-border data transfer restrictions, data protection impact assessments, data breach notification, appointment of data protection officer, special category data protections.

How can I assess my Royal Decree 6/2022 compliance?

Upload your compliance policy to AuditDSS. The platform maps your document against all 32 Royal Decree 6/2022 obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces Royal Decree 6/2022?

Royal Decree 6/2022 is enforced in Oman by Ministry of Transport, Communications and Information Technology.

When did Royal Decree 6/2022 come into effect?

Royal Decree 6/2022 became effective on February 13, 2023.

What industry does Royal Decree 6/2022 apply to?

Royal Decree 6/2022 is primarily relevant to the Privacy & Data Protection industry. AuditDSS covers 71 regulations in this industry sector.

Build a Royal Decree 6/2022 compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for Royal Decree 6/2022 — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering Royal Decree 6/2022 requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine Royal Decree 6/2022 with other regulations into a single unified compliance pack for your business.

Build Royal Decree 6/2022 compliance pack

Already have a policy? Assess it against Royal Decree 6/2022

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

AI maps against 32 obligations

Your document is scored against every obligation in Royal Decree 6/2022. Each claim is mapped to the obligation tree and evaluated for coverage.

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.