Why Data Protection Matters

In an era of increased globalization and technology advances, information has never been more readily available and transmittable. Businesses of all kinds, including retail, management and international banking and financial services organizations, are increasingly exchanging personal data electronically and across borders in greater volumes every day.

Personal Data includes any information relating to a living individual, that specifically identifies him or her. Biometric data, photos, even IP addresses can all be considered Personal Data in context. Special Category Data is that which is subjective or inherent to the person, such as ethnicity, religion or political or philosophical beliefs.

The result of the processing and mishandling - voluntary or involuntary - of any type of Personal Data can have significant consequences, including exposure to risk relating to financial or other serious damages. It is crucial that individuals' right to privacy is protected by establishing effective data protection laws and enforcing legal safeguards to secure and protect Personal Data and its processing.

Today governments and regulators world-wide are increasingly calling for measures to protect privacy and the adoption of data protection regimes to enforce such safeguards. The Office of the Data Protection Commissioner was established under the Data Protection Law of 2007 as amended by Data Protection Law Amendment Law, DIFC Law No. 5 of 2012 (Data Protection Law) as an independent, neutral and objective body to ensure the protection of all personal information in the DIFC.

The updated Data Protection Law 2020 and Data Protection Regulations 2020 (collectively the “Legislation”) create a legal and procedural framework that ensure that all personal data in the DIFC is treated fairly, lawfully and securely when it is stored, processed, used, disseminated or disclosed.

The Data Protection Legislation encompasses and applies to regulated entities, including all banks and financial institutions, as well as non-regulated organisations that may process personal data to carry out their business activities.


Benefits Of Registration For Companies

  • Registration will ensure that personal data are processed in accordance with the fundamental respect for the right to privacy and confidentiality while providing transparency about the flow of data from and within the DIFC.
  • Requires companies to be transparent and open about their data processing activities as well as take necessary measures to correct the gaps in their security structures, from a business, technical and a legal standpoint.
  • One of the critical areas where data protection is relevant is business processing operations and outsourcing. Activities such as insurance claims management and payment processing activities typically handle and process large amounts of personal data. More recently offshore outsourcing has been under much scrutiny for failing to address data protection issues. With established safeguards in place, this will help in facilitating activities related to back office functions that are essential for the operation of banks and financial institutions.


Benefits Of Registration For Individuals

  • Protects and raises awareness of individuals' rights to privacy and confidentiality through accountability and ethical data management.
  • Promote openness, transparency and disclosure, in the use of personal information and helps individuals understand how their personal information is being processed by Controllers and Processors, including those that are government entities.
  • Allows individuals to request access to or the correction of individual and/or personal information being processed.


Mission Statement - Office of the Commissioner of Data Protection

The Office of the Commissioner of Data Protection is the independent regulator set up to achieve its mission of upholding information rights in the public interest and data privacy for individuals in or from the Dubai International Financial Centre ("DIFC"). In discharging its regulatory mandate, the Office of the Commissioner of Data Protection will demonstrate professionalism, independence, efficiency and leadership upholding the DIFC guiding principles of integrity, transparency and efficiency.