21 May 2020
01 Jul 2020
Part 1: INTRODUCTION AND SCOPE.............................................................................................................................. 1
1. Title and repeal..................................................................................................................................................... 1
2. Legislative authority............................................................................................................................................ 1
3. Date of enactment................................................................................................................................................ 1
4. Commencement.................................................................................................................................................... 1
5. Purpose of this Law.............................................................................................................................................. 1
6. Application of the Law.......................................................................................................................................... 2
7. Schedules............................................................................................................................................................. 2
8. Administration of the Law.................................................................................................................................... 2
Part 2: GENERAL REQUIREMENTS ................................................................................................................................ 3
Part 2A: Requirements for legitimate and lawful Processing .................................................................................. 3
9. General requirements .......................................................................................................................................... 3
10. Lawfulness of Processing .................................................................................................................................. 3
Part 2B: Processing of Special Categories of Personal Data ................................................................................... 4
11. Processing of Special Categories of Personal Data ........................................................................................... 4
Part 2C: Conditions of consent and reliance on legitimate interests ...................................................................... 5
12. Consent.............................................................................................................................................................. 5
13. Legitimate interests .......................................................................................................................................... 6
Part 2D: General requirements ................................................................................................................................. 6
14. Accountability and notification ......................................................................................................................... 6
15. Records of Processing activities........................................................................................................................ 7
16. Designation of the DPO....................................................................................................................................... 8
17. The DPO: competencies and status ................................................................................................................... 8
18. Role and tasks of the DPO.................................................................................................................................. 9
19. DPO Controller assessment........................................................................... ....................................................10
20. Data protection impact assessment.................................................................... .............................................10
21. Prior consultation ........................................................................... .................................................................11
22. Cessation of Processing..................................................................................... ..............................................12
Part 3: JOINT CONTROLLERS AND PROCESSORS......................................................................................................... 14
Part 3A: Joint Controllers........................................................................................................................................ 14
23. Joint Controllers............................................................................................................................................... 14
Part 3B: Processors................................................................................................................................................ 14
24. Processors and Sub-processors................................................................ .......................................................14
25. Confidentiality................................................................................................................................................... 16
Part 4: DATA EXPORT AND SHARING........................................................................................................................... 17
26. Transfers out of the DIFC: adequate level of protection .................................................................................. 17
27. Transfers out of the DIFC in the absence of an adequate level of protection.................................................. 17
28. Data sharing............................................................................................. ........................................................20
Part 5: INFORMATION PROVISION .............................................................................................................................. 21
29. Providing information where Personal Data has been obtained from the Data Subject ............................. ......21
30. Providing Information where Personal Data has not been obtained from the Data Subject ............................. 22
31. Nature of Processing information............................................................... ......................................................23
Part 6: RIGHTS OF DATA SUBJECTS ........................................................................................................................... 24
32. Right to withdraw consent............................................................... ................................................................24
33. Rights to: access, rectification and erasure of Personal Data ......................... ...............................................24
34. Right to object to Processing..................................................................... ......................................................26
35. Right to restriction of Processing .................................................................................................................... 27
36. Controller's obligation to notify........................................................................................................................ 27
37. Right to data portability................................................................................. ...................................................27
38. Automated individual decision-making, including Profiling.................................. ...........................................28
39. Non-discrimination................................................................................ ...........................................................28
40. Methods of exercising Data Subject rights....................................................................................................... 29
Part 7: PERSONAL DATA BREACHES........................................................................................................................... 30
41. Notification of Personal Data Breaches to the Commissioner.......................................................................... 30
42. Notification of Personal Data Breaches to a Data Subject .............................................................................. 30
Part 8: THE COMMISSIONER....................................................................................................................................... 31
43. Appointment of the Commissioner.................................................................................................................... 31
44. Removal of the Commissioner ......................................................................................................................... 31
45. Resignation of the Commissioner..................................................................................................................... 31
46. Powers, functions and objectives of the Commissioner .................................................................................. 31
47. Delegation of powers and establishment of advisory committee ............... .....................................................33
48. Codes of conduct ............................................................................ ................................................................33
49. Monitoring of approved codes of conduct........................................................................................................ 34
50. Certification schemes ..................................................... ................................................................................35
51. Certification and Accreditation ....................................................................................................................... 35
52. Production of information ................................................................................................................................ 36
53. Regulations....................................................................................................................................................... 36
54. Funding................................................................................................. ............................................................37
55. Annual budget of the Commissioner....................................................... ..........................................................37
56. Accounts................................................................................................. ..........................................................38
57. Audit of Commissioner ..................................................................................................................................... 38
58. Annual report...................................................................................... ..............................................................38
Part 9: REMEDIES, LIABILITY AND SANCTIONS........................................................................................................... 39
59. Directions......................................................................................................................................................... 39
60. Lodging complaints and mediation ................................................................................................................. 40
61. General contravention ..................................................................................................................................... 40
62. Imposition of fines............................................................................................................................................ 40
63. Application to the Court ..................................................................... .............................................................41
64. Compensation.................................................................................... ...............................................................41
Part 10:GENERAL EXEMPTIONS ................................................................................................................................. 43
65. General exemptions............................................................................ ..............................................................43
Schedule 1.............................................................................................................................................................. 44
Schedule 2.............................................................................. ...............................................................................49
For better web experience, please use the website in portrait mode