top of page

DIFC Data Protection

The Data Protection Law prescribes rules and regulations regarding the collection, handling, disclosure and use of personal data in the DIFC, the rights of individuals to whom the personal data relates and the power of the Commissioner of Data Protection in performing their duties in respect of matters related to the processing of personal data as well as the administration and application of the Data Protection Law.

The Data Protection Law embodies international best practice standards and is consistent with EU regulations and OECD guidelines and is designed to balance the legitimate needs of businesses and organizations to process personal information while upholding an individual’s right to privacy.

To help persons and businesses operating in the DIFC maintain compliance with the Data Protection Law, this site has been designed to provide a useful point of reference and guidance, as well as assist individuals who wish to find out more about the obligations and rights available to them under the Data Protection Law.

Objectives of the New Data Protection Law

The Proposed Law is sought to replace the existing Data Protection Law No. 1 of 2007 and is aimed at:

  • incorporating international best practices as well as elements of the GDPR (General Data Protection Regulation (EU)) and the California Consumer Privacy Act (USA);

  • expanding the compliance framework including concerning data breach notification, prior consultation and data protection officer appointments;

  • providing for clarity on consent and data subjects’ rights; and

  • amendment of powers of the Commissioner of Data Protection, administrative requirements and sanctions / enforcement.


Research and composition by Sheher Bano

bottom of page