UAE Federal Data Protection Law
UAE’s Federal Data Protection Law finally came into effect on 2nd January 2022 and the companies will have 6 months from the date of executive regulations, to be issued by March 20th, 2022, to get compliant with the law. The law focuses mainly on data subject rights, data breach requirements, data protection impact assessments, data transfer requirements and notification and record-keeping requirements. UAE data office will be the regulatory authority and has the power to process all personal data by controllers and processors located in the UAE and outside the UAE and can exempt UAE companies that do not process large volumes of personal data. In a nutshell, the law clearly explains the usage of personal data and lays out measures for the controllers to process the same with the awareness of any possible data breach. The Data Protection office (DPO) appointment and their roles, the rights of the data subjects, administrative penalties in case of any breach, etc. are defined well in this law.
Phone:- +971 4 327 7775
Mobile:- +971 52 830 7998
WhatsApp:- +971 56 219 1607
UAE Data Protection Law - The Key Highlights
What is the scope of Data Protection Law in UAE?
- Processing of personal data, by any means, by every data controller inside or from outside the UAE
- Law does not apply to the use of personal data for personal purposes by a data subject, government data, government authorities that control or process personal data, or personal data processed by the security and judicial authorities.
- Does not cover personal health data or personal banking and credit data. Does not apply to UAE free zones.
What are the Controller & Processor obligations?
Processors and controllers should take appropriate measures and also formulate procedures to be compliant with all local and international standards, to ensure an appropriate level of information security. The law includes a list of such measures to be tested and evaluated.
Controllers on becoming aware of any personal data breach should inform the data office of the breach and any investigation conducted into the breach. Must also notify the data subject of the breach. Processors must inform the controller of any breach. Controllers must appoint a DPO in certain circumstances Controllers must conduct DPIAs.
Processors must maintain a record of processing activities of the processing conducted on behalf of the controller, which must be made available to the UAE Data Office upon request. Controllers and processors must implement technical and organisational measures to maintain a high standard of data security appropriate to the level of risk. The record of all processing activities must be available for submission to the UAE data office on request.
What is the Data subject rights and Penalties in UAE?
There is a transition period of six months for the companies to achieve compliance from the date of publication. Every individual has the right to bar anyone to process their information processed without their consent, they are not even authorized to withdraw their consent at any time. Though the law doesn’t exactly specify the range of penalties, Fines can be imposed based on a proposal from the data office’s Director-General and the data subjects can file a complaint in case of a breach by either the processor or controller. There is a right to data portability for everyone as well.
How HLB HAMT can help ?
These days, Even the data protection noncompliance in smaller and less important offices of a company group may now lead to significant ramifications. The efforts for being compliant with the new data law requirements are generally high; not all requirements can reasonably be fulfilled at once.
The company will have to assess what kind of data processing activities are of the biggest risk to its business, rights of the data subjects as well as the risks that are likely to lead to high fines. We help companies allocate and plan their required resources and help in the implementation of a compliant data protection structure including conducting data protection impact assessments.
Latest insights, case studies and news from across the network
Trends that are expected to dominate the UAE Business Environment in 2023
Over the last two years, the world has seen some significant changes, and while 2022 has been an interesting year for the global economy,
Top Artificial Intelligence Technologies for UAE Companies
With innovative technologies, artificial intelligence has transformed the way we live. AI has taken over every industry and is having a significant impact on every aspect of society.
Five suggestions to get productive answers from ChatGPT
Since it was launched last November, Chat GPT has quickly become popular among professionals for its ease of use and ability to complete projects in a matter of days.
Get in touch
Whatever your question our team will point you in the right directionStart the conversation