guidance

DIFC Comprehensive Guide to Data Protection Law and Regulations

Issuing bodyDIFC
CountryUAE
Date issued2020
data protectionpersonal datadata breachesdata export

This document is a comprehensive guide issued by the DIFC Commissioner of Data Protection regarding Data Protection Law, DIFC Law No. 5 of 2020, and its associated regulations. It aims to provide accessible information about the legislation, covering definitions of personal and special category data, obligations of controllers and processors, data export, data subject rights, and breach procedures.

Key requirements
  • Controllers and processors must comply with the Data Protection Law and Regulations.
  • Organizations must provide information to data subjects regarding the processing of their personal data.
  • Organizations must implement procedures for handling personal data breaches.
  • Organizations must adhere to rules regarding data export and sharing.
Applies to: Organizations operating within the Dubai International Financial Centre (DIFC) that process personal data.
View original document ↗Ask GCC LexAI about this →
More from DIFC
DIFC Commissioner of Data Protection — Overview of Personal Data RegimeDIFC Data Protection Law No. 5 of 2020 (Consolidated Version)DIFC Data Protection Regulations — Consolidated Version (incl. Reg 10 AI, 2023)DIFC Regulation 10 Accelerator Framework — AI and Autonomous SystemsDIFC Regulation 10 — Accreditation and Certification Framework for Autonomous SystemsFederal Decree No. 35 of 2004
AI-generated summaries only. Arabic originals are legally binding. This is not legal advice. · ← All documents