Each of us dream to own a property on our own, however, some may be reluctant as it comes with a handful of responsibilities. One of the key responsibilities being maintenance of the surrounding common property. The Real Estate Regulatory Authority (RERA) has enforced Law 27 of 2017 (Law) to ease property owners’ burdens with such responsibilities. This Law regulates the real estate sector in the Kingdom of Bahrain and also prescribes the framework for creation and operation of an Owners Associations and Joint Properties under its resolution No. 7 of 2018 (Resolution).

Scope of Applicability
The provisions of this Resolution are imposed on all Joint Properties. Essentially, Joint Properties are defined to encompass all types of land, villas and building developments that contain common areas, where the owners partly own the common areas in accordance with their unit entitlements.

Owner’s Association – An Overview
As the common areas are intended to be owned jointly by all the owners, the owners form an “Owners Association”, which is a legal body responsible for maintaining and managing the common areas. It is noteworthy to mention that the scope of this Law has been expanded to include villa developments such as gated communities which encompass common areas such as access ways or recreational areas. An Owners Association is automatically formed by virtue of registering the first sale of a unit in a building development at the Survey and Land Registration Bureau (SLRB). Hence, the Owners Association comes into effect as a legal entity under the Law once the first title deed reflects the name of the purchaser. The Developer of the property bears the responsibility of drafting and preparing Joint Property by-laws for the development and submitting them to RERA. This process authorizes the SLRB to record the Joint Property by-laws on the title deeds.

Foundation of the Owner’s Association
It is worth highlighting that as a result of the applicability of this Law, the duties of a Developer have been enhanced immensely. As the Developer lays down the foundation of the formation of the Owners Association, it is mandatory for the Developer to be licensed by RERA and ensure the fulfilment of the responsibilities in relation to incorporation of the Owners Association as noted below:

a. The Developer is required to call the first general assembly within three months of the date of registration of the first transfer, once the title deeds are issued;
b. In the case of a villa joint property development, the Developer may delay the first general assembly until 10% of the villa units have been constructed; and
c. The Developer is also required to deliver important information and documents at the first general assembly, such as; (i) a list of the Owners Association’s assets, (ii) a full accounting report for paid service charges, (iii) warranties, (iv) service records for equipment, (v) building plans, (vi) bank accounts, (vii) service contracts, and (viii) a full list of owners and their contact details.

Incorporation of the Owner’s Association
The Developer of the property shall deem the Owners Association operational by calling an initial meeting attended by the owners of each joint unit. To make an Owner’s Association operational, steps that shall be undertaken by the Developer and the owners shall be as follows:

a. The Owner’s Association must choose the board members of the association in the annual general assembly meeting. The board should be comprised of at least three and a maximum of nine members which include the Chairman, Treasurer and Secretary. The general assembly may further assign three supplementary members to fill any vacancies in the board. The board members have a delegated responsibility to make decisions and to represent the Owner’s Association.
b. To approve the Joint Property By-Laws/ Articles of Association in pursuance of it being registered by RERA in the Special Register of Joint Properties. The Resolution requires an Owners Association to have Joint Property By-Laws. This contains the operating rules for the Owners Association such as rules relating to security and access, parking, the use of common areas and safety etc. The Association must therefore also set out a list of all units and their unit entitlements.
c. Further, upon submitting evidence of conducting a general assembly meeting, and appointing board members, RERA will issue a certificate setting out the names of the board members. This shall be considered sufficient evidence of the existence and creation of the Owners Association and of the power of Board members to represent the owners.

Successful Formation
On the successful formation of the Owners Association, a certificate shall be issued by RERA which shall be legally recognized and may be accepted by banks, utilities, and government agencies such as the Electricity and Water Authority (EWA). The Central Informatics Office (CIO) and the Labour Market Regulatory Authority (LMRA), as a proof that the Owners Association has been created and is operational.

There is a reason why we lock our houses and rent safety deposit boxes at the banks, and that is security!

Similarly, as the world is moving towards digitalization, majority of our personal information is collected, processed, and stored online as well as offline. This creates a special need for laws that specifically focus on protecting personal data. 

The Kingdom of Bahrain issued Law No. 30 of 2018 – The Personal Data Protection Law (“PDPL”) on July 12, 2018, which has come into force on August 1, 2019, and supersedes any law with conflicting provisions.

With that said, the provisions of the PDPL have not yet taken effect, since the formation of the Personal Data Protection Authority (“PDPL Authority”) is still in process, and the Board of Directors of the PDPL Authority is to issue the implementing regulations subsequent to its formation. Thus, the PDPL Authority shall be responsible for ensuring successful compliance and implementation of the PDPL.

1. Purpose

The PDPL aims to ensure that sensitive data (“Data”) is not used without the prior consent of the “Data Owner” and that the Data Owner has the right to withdraw such consent at any time. It shall further safeguard the security of the Data covered by providing standards of collection, processing and storage. Non-compliance of the same can lead to penalties which can be administrative and/or criminal in nature.

2. Scope and Applicability of PDPL

Data covered in the ambit of PDPL is broadly categorized into two categories i.e. “Personal data” and “Sensitive data” which are defined as:

Personal Data – “any information of any kind that relates to an identifiable individual, or an individual who can be identified, directly or indirectly, particularly through their personal identification number, or their physical, physiological, intellectual, cultural or economic characteristics or social identity.”

Sensitive Data – “any personal information which indirectly or directly reveals the individual’s race, ethnicity, political or philosophical views, religious beliefs, union affiliation, criminal record or any data related to their health or sexual life.”

The PDPL shall apply to the following entities/individuals:

  • individual Bahraini residents or individuals with a workplace in Bahrain;
  • business established in Bahrain; and
  • any business established outside Bahrain, but processes Personal Data or Sensitive Data by means available within Bahrain, other than for transitional  purposes (In this case, such businesses shall be obliged to appoint an authorized representative in Bahrain)

3. Duties of a Data Manager

In accordance with the PDPL a “Data Manager” is a person who decides individually or in association with others, the purposes and means of processing the Data. The key obligations of the Data Manager include:

  • seeking consent of the Data Owner for the processing of the Data;
  • ensuring that adequate safety measures are taken while selecting a Data Processor;
  • executing a written agreement with the Data Processor;
  • maintaining a of record in case they opt out of appointing a data protection controller; and
  • seeking authorization from the PDPL Authority in case required under the PDPL.

4. Consent of the Data and their rights

  • It is mandatory to take a valid, written and explicit consent of the Data Owner for processing the Data by the Data Manager except as provided otherwise under the law (example journalistic or literary purposes). The Data Managers are required to ensure that the consent of the Data Owners is:
    1. in writing, explicit and clear; and
    2. issued by an individual of full eligibility;
    3. issued based upon the Data Owner’s free will and consent after being fully briefed on the purpose/purposes of processing the data, and, where appropriate, inform them of the consequences of their disagreement.
  • In case the Data Owner is incompetent or incapacitated, the consent of their guardian or guardians must be taken in accordance with the conditions referred hereinabove above.
  • The Data Owner also has the right to withdraw the consent. The procedures for submitting the withdrawal request and the Data Manager’s decision on the requests of withdrawal will be issued by the PDPL Authority.
  • Interestingly, the processing of Data is contingent on the consent of the Data Owner, except:
    1. to be informed of any processing of the Data;
    2. to object the direct marketing of the Data or any processing which may harm/distress the Data Owner or others;
    3. to object the decisions based upon automated processing of the Data;
    4. to demand correction, blocking, surveying or erasing the Data; and
    5. the right to file a complaint with the PDPL Authority.

5. Processing of the Data

It interesting to note that the processing of the Data shall be contingent on the consent of the Data Owner except:

  • as specified under the law; or
  • where it is necessary for the implementation of a contract that the Data Owner is a party to; or
  • to take steps requested by the Data Owner to conclude a contract; or
  • to implement an obligation required by law; or
  • to protect vital interest of the Data Owner.

Separately, an exhaustive list of Data is prescribed, processing of which shall require prior written authorization of the PDPL Authority.

6. Data Protection Supervisor

It is noteworthy that pursuant to the PDPL a “Data Protection Supervisor” may be appointed voluntarily by the Data Manager, however, it is also possible for the PDPL Authority to later issue a decision that requires certain categories of Data Managers to mandatorily hire a Data Protection Supervisor. In all cases, when the Data Protection Supervisor is appointed, the Data Manager must inform the PDPL Authority of the appointment within three days of it taking place. Once registered in the PDPL Authority’s register, the Data Protection Supervisor becomes accredited.

The Data Protection Supervisor shall be responsible to undertake the following duties:

  • coordinate between the PDPL Authority and the Data Manager regarding the processing of Personal Data;
  • verify that the Data Manager processes the data in accordance with the provisions of this law and notify the Data Manager immediately to remove any violation or make the necessary correction as soon as possible;
  • notify the PDPL Authority of any violations of the PDPL that the supervisor becomes aware of; and
  • maintain a record of the processing operations that the Data Manager must notify the PDPL Authority about.

7. Data Collection Record

In case a Data Protection Supervisor is not appointed, the Data Manager is obliged to keep a record of the processing operations. This will be in the form of a “notification”. This notification shall include in particular the following details:

  • the name and address of the Data Manager, and the data processor, if any;
  • purpose of treatment;
  • data description and statement of categories of Data Owners and recipients of these data or their categories;
  • any transfer of data to a country or territory outside the Kingdom intended to be carried out; and
  • a statement that enables the PDPL Authority to assess in principle the adequacy of the measures available to meet the safety requirements.

The Data Managers must inform the PDPL Authority about any changes in the information provided. The PDPL Authority shall maintain a register called the “Register of Notifications and Permits” which shall contain the notifications and any changes.

8. Cross-border transfer of data

Generally, the transfer of data from the territory of Bahrain is prohibited unless it is transferred to a country which has enforced adequate protection of Personal Data. Further, such transfer is permitted under the following scenarios:

  • in case the Data Owner has agreed to the transfer;
  • if the data is derived from a record created in accordance with the law;
  • if the transfer is necessary for:
    1. implementation of a contract between the Data Owner and Data Manager, or taking preceding steps at the Data Owner’s request for the purpose of concluding the contract;
    2. conclusion of a contract between the Data Manager and a third party for the benefit of the Data Owner;
    3. protecting the vital interests of the Data Owner;
    4. satisfying an obligation imposed by law; and
    5. in preparation, execution or defense against a legal claim.


In case of non-compliance with PDPL, depending upon the non-compliance the PDPL Authority may impose a criminal penalty for an offence like processing of Data outside Bahrain of up to BD 20 or imprisonment up to one year.

Further, an administrative penalty may be imposed for other offences which can reach up to BD 20,000 or a daily penalty of up to BD 1,000 (subject to increase based on the repetition of the offence).

Note – The capitalized term shall have the same meaning as prescribed under the Law issued Law No. 30 of 2018 -The Personal Data Protection.

Pursuant to Law No. 28 of 2014, an individual or group of individuals may become a property developer and undertake the following business activities:

  • developing a project in Bahrain for either commercial or residential purposes;
  • sells properties; and
  • receive payments from selling these properties

In order to become licensed developer, the following statutory requirements are prerequisite:

1. Check Land Status

  • The land, on which the project will be built, should be registered under the developer.
  • Check the classification of the land with the Survey and Land Registration Bureau (SLRB) i.e. if the land can be for both commercial and residential purposes.

2. Check the Activity on Sijlat

  • Activity of the developer should include “Real estate activities with own or lease property (ISIC4 Code 681)”.

3. Get A Developers License (Online Application)

There are two types of licenses issued by RERA:

  • Developer License (Company)
  • Developer License (Individual)

4. Get A Development License i.e. an Off-Plan Sale Project License

This is a License for New Developments (Online Application Not Available)

  • The license requires a completed application form. The same form can be used by companies or individuals.
  • The application fee will depend on the project value. The project value is the sum of the land value and construction costs.

Note: A development license is not required if you are not selling off-plan. “If the developer is self-financing a construction project or is financing by methods other than selling units off-plan, then a development license is not required.”

5. Open an Escrow Account

  • Developers are required to open an escrow account with a financial institution prior to applying for a Development License
  • An escrow account reduces the risk of non-completion of the building and ensure that all payment deposited for the completion of the building are used for that purpose only and not for any other purposes. The escrow account also ensures that the Developer invests a minimum of 20% in the Development.

6. Get an Advertising License

There are two types of advertising licenses:

  • Market research advertising license (temporary license) – This license is only applicable to developers who have not started construction on the development and valid for 9 months period. If construction has commenced, the developer will not be legible to obtain this license.
  • Full advertising license: A developer (or broker) must have an advertising license to advertise and sell units off-plan to buyers for each new development project.

Bahrain Law No. 27 of 2014 ‘Issuing the Property Lease Law’ (the “Property Lease Law”) was published on 7 August 2014 and came into force on 7 February 2015 (the “Effective Date”).

Application of the Law

The Property Lease Law applies to real estate premises that are intended for residential, industrial, commercial, professional and craftsmanship purposes. However, the Property Lease Law does not apply to:

  • fixed and non-fixed industrial lands and construction subject to Decree-law No. 28 of 1999 with respect to industrial zones establishment and organization, agricultural lands, lands leased for hotels and tourist purposes, furnished flats leased for periods not exceeding one month, residential units occupied for work conditions, lands leased under musataha.

The Property Lease Law applies to both new leases and leases that were in existence on the Effective Date.

Lease Formalities and Registration

All leases, subject to the Property Lease Law, must be in writing and must specify the lease period and the rent payable by the lessee. If a lease does not specify the lease period, the lease will be valid for the period specified in the lease for payment of rent. Further, if the rent is not specified, the rent will be determined on commencement of the lease by taking into account the condition, size and purpose of the leased premises, and the prevailing rent in the area in which the leased premises are situated.

It is the lessor’s responsibility to register its lease and to pay the registration fees. However, if the lessor refuses to pay the fees, the lessee may register the lease and deduct the registration fees from the rent.

Security Deposit, Rent and Rent Review

A lessor of residential premises can receive a maximum of 3 months rent paid by cash in advance. For other types of premises, the parties can agree on a different amount. The maximum-security deposit that a lessor can require from a lessee is one month’s rent.

A lessor may not increase the rent under a lease until two years from the lease commencement date or the previous rent increase (whichever is earlier). The rent increase is capped at 5% for residential properties and 7% for commercial, industrial, professional, craftsmanship or other properties. Additionally, the rent can only be increased a maximum of 5 times throughout the lease term, unless the parties agree otherwise in writing. If the lessor wishes to increase the rent, it must give the lessee written notice at least 3 months before expiry of the second year. These restrictions also apply when existing leases are renewed or re-entered after the expiry of 3 years from the Effective Date.

Expiry, Renewal and Eviction

If the lessee intends to leave the premises on expiry of the lease, it must give the lessor written notice of its intention at least 3 months before the lease expires.

Similarly, if a lessee wishes to renew its lease, it must give the lessor written notice at least 3 months before the lease expires. The lessee is entitled to renew for a period up to 3 years for residential premises and 7 years for commercial, industrial, professional, craftsmanship or other premises.

For leases signed after the Effective Date, a lessor cannot require a lessee to vacate leased premises until after a period of 3 years from the date of handover for residential premises and 7 years for commercial, industrial, professional, craftsmanship or other premises. However, the parties are entitled to agree in writing to a different period.