Is your mobile application ready for Jordan's new data privacy standards? Learn how to navigate Law No. 24 of 2023 to ensure your business remains compliant and builds user trust.
Aviniti Team
Published on April 7, 2026
In the rapidly evolving digital landscape of Amman and the wider MENA region, data is often described as the new oil. However, with great power comes great responsibility. For business owners in Jordan, the legal landscape shifted significantly with the introduction of the Personal Data Protection Law (PDPL) No. 24 of 2023.
This legislation isn't just a hurdle for IT departments; it is a fundamental shift in how businesses must interact with their customers. Whether you are running a food delivery startup, a healthcare clinic app, or an e-commerce platform, ensuring Jordan data protection law compliance is now a prerequisite for sustainable growth. At Aviniti, we believe that compliance is not just about avoiding fines—it is about building a foundation of trust with your users.
The Jordanian PDPL was designed to align the Kingdom with international standards, such as the EU's GDPR. It establishes clear rules for the processing of personal data, which includes any information that can identify a natural person, such as names, phone numbers, GPS locations, and even IP addresses.
To ensure your mobile application is compliant, you must integrate privacy by design. This means thinking about data protection from the very first line of code.
Gone are the days of pre-ticked boxes or hidden clauses in 50-page Terms and Conditions. Under the new law, consent must be "explicit, documented, and given freely." For a mobile app, this means:
You should only collect data that is strictly necessary for your app's functionality. If you are building a salon booking app, do you really need the user's home address? If the answer is no, collecting it could be a liability.
Users now have the legal right to request the deletion of their personal data. Your app must have a clear, accessible mechanism for users to request account deletion and the removal of their data from your servers and any third-party processors you use.
Achieving Jordan data protection law compliance requires more than just a legal policy update; it requires technical implementation. Here is how the landscape has changed:
| Feature | Traditional Practice (Pre-2023) | Compliant Practice (Post-2023) |
|---|---|---|
| Data Collection | Maximum data harvesting for future use | Minimal data collection for specific purposes |
| User Consent | Implied or bundled in T&Cs | Explicit, granular, and documented |
| Data Storage | Often unencrypted or poorly managed | Mandatory encryption and access controls |
| Breach Notification | Voluntary or non-existent | Mandatory report to the Unit within 72 hours |
| Third-Party Sharing | Often shared without clear disclosure | Requires explicit consent and legal agreements |
If you are currently managing an app or planning a new digital transformation project in Jordan, follow these steps:
The Jordanian government has signaled that it takes data privacy seriously. Violations can lead to significant fines, ranging from 1,000 JOD to 10,000 JOD for initial offenses, with the potential for higher penalties and even the suspension of business licenses for repeat offenders or severe breaches. Beyond the financial impact, the reputational damage of a data leak can be terminal for a growing startup.
Adapting to the Jordan Personal Data Protection Law is not just a legal obligation—it’s a competitive advantage. In a market where consumers are becoming increasingly aware of their digital rights, showing that your app respects their privacy will set you apart from the competition.
At Aviniti, we specialize in building secure, scalable, and fully compliant mobile applications tailored for the Jordanian market. Whether you are starting from scratch or need to audit an existing platform, our team is here to help you navigate the complexities of digital transformation.
Yes. The law applies to any person or entity in Jordan that processes personal data, regardless of the size of the business. If you handle customer names and phone numbers, you must comply.
You can still store data abroad, but you must ensure that the destination country provides a level of protection at least equal to Jordan's law, or you must obtain specific authorization from the Data Protection Unit.
The law provided a grace period for businesses to adjust their operations. However, with the full implementation now in effect, businesses are expected to have their systems and policies aligned immediately.
Likely, yes. You will need to add clear consent screens, easy-to-find privacy settings, and a straightforward way for users to request data deletion.
Ready to ensure your app is secure and compliant?
Don't leave your business's legal standing to chance. Use our tools to analyze your current position or reach out for a professional consultation.
