guidance

DIFC Commissioner of Data Protection — Overview of Personal Data Regime

Issuing bodyDIFC
CountryUAE
Date issued2020
data protectionprivacyDIFCdata governance

This document provides an overview of the data protection law and regulations within the Dubai International Financial Centre (DIFC). It outlines the interplay between DIFC, Federal, and Emirate laws, the authority of the DIFC Commissioner of Data Protection, and the principles for processing personal data. It also covers the rights of data subjects and the legal duties of controllers and processors.

Key requirements
  • Controllers and processors must adhere to internationally recognized data protection principles.
  • Controllers and processors must comply with accountability requirements.
  • Controllers and processors must fulfill legal duties as defined by DIFC data protection law.
Applies to: Controllers and processors operating within the Dubai International Financial Centre (DIFC)
View original document ↗Ask GCC LexAI about this →
More from DIFC
DIFC Comprehensive Guide to Data Protection Law and RegulationsDIFC Data Protection Law No. 5 of 2020 (Consolidated Version)DIFC Data Protection Regulations — Consolidated Version (incl. Reg 10 AI, 2023)DIFC Regulation 10 Accelerator Framework — AI and Autonomous SystemsDIFC Regulation 10 — Accreditation and Certification Framework for Autonomous SystemsFederal Decree No. 35 of 2004
AI-generated summaries only. Arabic originals are legally binding. This is not legal advice. · ← All documents