In the Iranian cyber law, no law has been enacted to protect the personal data of the people when a theft of personal data occurs. This paper will suggest a guideline for applying and enforcing the data protection and privacy digital laws in Iran. By enforcing the suggested guideline the authors achieve a means to process data strictly by commercial sectors for commercial activities in sectors of tourism, finance, insurance, telecommunications, and such other commercial transaction sectors.