regulation

DIFC Data Protection Regulations — Consolidated Version (incl. Reg 10 AI, 2023)

Issuing bodyDIFC
CountryUAE
Date issued2023
data protectiondata breachDIFCprivacy

The DIFC Data Protection Regulations outline the requirements for processing personal data within the Dubai International Financial Centre. This consolidated version includes updates related to AI and covers obligations related to data processing records, notifications, supervision, data transfers, breach reporting, and potential fines for non-compliance. It aims to protect personal data and ensure responsible data handling practices.

Key requirements
  • Maintain Records of Processing Activities (RoPA)
  • Notify the Commissioner of Processing Operations
  • Submit an Annual Assessment
  • Report Personal Data Breaches to the Commissioner and Data Subjects
  • Comply with rules regarding transfers of data outside the DIFC
Applies to: Entities processing personal data within the Dubai International Financial Centre (DIFC)
View original document ↗Ask GCC LexAI about this →
More from DIFC
DIFC Commissioner of Data Protection — Overview of Personal Data RegimeDIFC Comprehensive Guide to Data Protection Law and RegulationsDIFC Data Protection Law No. 5 of 2020 (Consolidated Version)DIFC Regulation 10 Accelerator Framework — AI and Autonomous SystemsDIFC Regulation 10 — Accreditation and Certification Framework for Autonomous SystemsFederal Decree No. 35 of 2004
AI-generated summaries only. Arabic originals are legally binding. This is not legal advice. · ← All documents