The UAE has published its first Federal Data Protection Law No. 45 of 2021, which came into effect on 2 January 2022.
This alert gives an overview of the law which will be supplemented by the expected executive regulations (Executive Regulations), as well as key aspects in comparison with other data protection frameworks like the EU General Data Protection Regulation (GDPR).
The law applies to the processing of personal data of data subjects residing in the UAE or having a workplace in the UAE; controllers or processors established in the UAE that carry out the activities of processing personal data for data subjects in the UAE or abroad; and controllers or processors established outside of the UAE that carry out the activities of processing personal data for data subjects in the UAE.
The law states that the personal data has to be gathered for a clear purpose and may not be processed later on in a manner that does not match the original purpose. On another note, personal data must be limited to what is needed in relation with the purpose for which the processing is carried out, must be stored securely, and be protected against unauthorized or unlawful processing using appropriate technical or organizational measures to be specified.
The controller and processor must appoint a Data Protection Officer who has relevant and sufficient skills to do so. The controller must also inform the Emirates Data Office as soon as it becomes aware of any breach of personal data that would undermine the privacy, and confidentiality of a data subject. The notification must detail any preliminary investigation results as well as a statement on the nature, cause and extent of the breach.
Note that personal data may be transferred outside the UAE to jurisdictions that have legislation for the protection of personal data, including provisions relating to the conditions for protecting the privacy of a data subject’s personal data.
To know more about the UAE Federal Decree-Law on Data Protection, note that:
Lexyom has just published the full text of the UAE Federal Decree-Law on Data Protection directly to the Dashboard, in its Guides section. This will allow you to fully understand and grasp the various data protection regulations and requirements in the UAE.
If you’ve been struggling with understanding what is actually required from you to be compliant when it comes to data protection, know that this document would be a big help for you. If you’re interested in learning more about it, feel free to reach out to our expert lawyer and CPO, Nadine Imad, to set up some time to chat.
Legally yours,
