Commissioner of Data Protection.

Ensuring data protection in DIFC.

The DIFC Commissioner of Data Protection is responsible for supervision and enforcement of the Data Protection Law, DIFC Law No. 5 of 2020. The law prescribes rules and obligations regarding the collection, handling, and use of personal data as well as rights and remedies for individuals who may be impacted by such processing. It is designed to balance the legitimate needs of businesses and organizations to process personal information with upholding an individual’s right to privacy.

 

Established in 2004 by Federal and Dubai law, DIFC was the first jurisdiction in the GCC, that same year, to enact a data protection law and regulations. In 2007, the independent Office of the Commissioner of Data Protection was established. The current data protection law was enacted in May 2020.

Data Protection Law, DIFC Law No. 5 of 2020 ("DP Law 2020") embodies international best practice and is consistent with EU and UK data protection regulations, as well as with OECD guidelines. The DIFC Commissioner of Data Protection responsible for supervision and enforcement of the DP Law 2020 is Jacques Visser.

 

Quick links

To help businesses operating in DIFC comply with DP Law 2020, this site has been designed to provide guidance, tools, frameworks, and other helpful resources, as well as to assist individuals who wish to find out more about the obligations and rights available to them under the Data Protection Law. Topic specific sub-menus with extensive details and information are provided below. To help you find regularly requested information quickly, the following list contains links to the most commonly used resources:

Individual Rights & Redress - including information about submitting complaints to the Commissioner's Office

List of Adequate Data Protection Regimes (Article 26) 

Model Clauses / Standard Contractual Clauses (Article 27(2)(c))

Article 28 Government Data Sharing compliance assessment

EDMRI and EDMRI+ due diligence assessment 

Step by Step Guide to Notifying Commissioner of Processing 

Personal Data Breach Reporting Form

Regulation 10

Frequently Asked Questions 

Tools & Templates - including easy to use assessment tools for compliance with DP Law 2020

 

Data Protection Law

DP Law 2020 prescribes rules and obligations regarding the collection, handling, and use of personal data as well as rights and remedies for individuals who may be impacted by such processing. It is designed to balance the legitimate needs of businesses and organisations to process personal information with upholding an individual’s right to privacy. Due to the robust, comprehensive nature of the DIFC DP Law 2020, it is the only jurisdiction in the GCC or Middle East to be evaluated by the United Kingdom as one of six Data Bridge priority partners.

Read more

 

Data Protection regulations

The DIFC Data Protection Regulations 2020 set out the procedures and requirements for specific obligations in the DP Law 2020, including notifications to the Commissioner, fines and sanctions, and international data transfers.

Read more

 

Why data protection matters

In an era of increased globalisation and rapid advances in technology, information has never been more readily available and transmittable. Businesses and in particular, banking and financial organisations, are processing and exchanging individual data electronically and across borders in greater volumes every day.

Personal Data includes any information relating to a living individual, that specifically identifies him or her. Biometric data, photos, even IP addresses can all be considered Personal Data in context. Special Category Data is that which is subjective or inherent to the person, such as ethnicity, religion or political or philosophical beliefs.

The result of the processing and mishandling –voluntary or involuntary- of any type of Personal Data can have significant consequences, including exposure to risk relating to financial or other serious damages. It is crucial that individuals’ right to privacy is protected by establishing effective data protection laws and enforcing legal safeguards to secure and protect Personal Data and its processing.

Read more

 

Topic specific sub-menus

Guidance

Accountability & Rights

Data Export & Sharing

Supervision & Enforcement

Personal Data Breach Reporting

Notifications

Regulation 10

Tools & Templates 

Key functions

Services offered

Related documents

  • Comprehensive Guide to Data Protection Law, DIFC Law No. 5 of 2020 and DP Regulations
  • Overview of DIFC Data Protection Regime
  • Webinar: Introduction to DIFC DP Law 2020
  • Webinar: FAQs
  • Consent