law

DIFC Data Protection Law No. 5 of 2020 (Consolidated Version)

Issuing bodyDIFC
CountryUAE
Date issued2020
data protectionprivacyDPOdata processing

The DIFC Data Protection Law No. 5 of 2020 (Consolidated Version) outlines the requirements for processing personal data within the Dubai International Financial Centre (DIFC). It establishes principles for lawful processing, special categories of data, consent, legitimate interests, and accountability. The law aims to protect individuals' privacy rights and regulate data processing activities within the DIFC.

Key requirements
  • Process personal data lawfully, fairly, and transparently.
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
  • Maintain records of processing activities.
  • Designate a Data Protection Officer (DPO) under certain conditions.
Applies to: Entities processing personal data within the Dubai International Financial Centre (DIFC)
View original document ↗Ask GCC LexAI about this →
More from DIFC
DIFC Commissioner of Data Protection — Overview of Personal Data RegimeDIFC Comprehensive Guide to Data Protection Law and RegulationsDIFC Data Protection Regulations — Consolidated Version (incl. Reg 10 AI, 2023)DIFC Regulation 10 Accelerator Framework — AI and Autonomous SystemsDIFC Regulation 10 — Accreditation and Certification Framework for Autonomous SystemsFederal Decree No. 35 of 2004
AI-generated summaries only. Arabic originals are legally binding. This is not legal advice. · ← All documents