The UAE has implemented Data Protection Laws which are aligned with best practices followed globally, such as EU GDPR, which are adapted to meet the needs to UAE. There are currently 3 Data Protection laws applicable in UAE which are as follows:
1. Data Protection Regulations 2021 issued by Abu Dhabi Global Market applicable for Processing of Personal Data in the context of the activities of an Establishment (entity or authority licensed in ADGM) of a Controller or a Processor in ADGM, regardless of whether the Processing takes place in ADGM or not.
2. Data Protection Law 2020 issued by DIFC is applicable for Controller or Processor incorporated in DIFC, regardless of whether processing takes place in the DIFC not.
3. UAE Federal Data Protection Law No. 45 of 2021 applicable to the processing of personal data by controllers and processors located in the UAE (other than entities / authorities registered in DIFC and ADGM) whether or not the personal data processing relates to data subjects in the UAE or abroad.
There are very limited exemptions available for applicability of these regulations. Some of the entities may be subject to compliance of more than one or all the 3 laws.
The objective of these laws is promote protection of individual’s personal data and to promote lawful, fair and transparent processing of Personal Data. It includes provisions relating to data subject rights, establishment of data protection policy, data protection impact assessments, appointment of Data protection officer, data breach notifications, data transfer requirements and notification and record keeping requirements.
Personal data is any data relating to an identified natural person or identifiable natural person. Entities do not need to know the name of a person to be identified/identifiable, for e.g. it may include names, photographs, ID numbers, location data, online identifiers (e.g. IP addresses and cookie identifiers) etc.
Personal data may be retained in any form, such as
Entities are required to assess the applicability of the provisions and carefully establish policies and procedures to ensure compliances with these Data Protection Laws.
We understand that entities may be familiar with Data Protection laws but finds it difficult to implement and comply with and keep track of changes in the laws and regulations.
We offer to help entities to establish a framework towards greater compliance, and protect your business’ legal and financial standing. After all, when it comes to non-compliance issues, ignorance of the law is no defense.
Our Services to Include:
Contact us for further assistance