Data Protection

DIFC Data Protection

The Data Protection Law  prescribes rules and regulations regarding Controllers' or Processors' collection, handling, disclosure and use of personal data in the DIFC, the rights of individuals to whom the personal data relates and the power of the Commissioner of Data Protection in performing their duties in respect of matters related to the processing of personal data as well as the administration and application of the Data Protection Law. 

The Data Protection Law embodies international best practice standards, and is consistent with most other Data Protection regulations in the EU, UK, APAC, MENA and the Americas, as well as OECD guidelines. It is designed to balance the legitimate needs of businesses and organizations to process personal information while upholding an individual’s right to privacy.

To help persons and businesses operating in the DIFC maintain compliance with the Data Protection Law, this site has been designed to provide a useful point of reference and guidance, as well as assist individuals who wish to find out more about the obligations and rights available to them under the Data Protection Law.

The Commissioner of Data Protection is Jacques Visser.  


Data Protection Law

Data Protection Law, DIFC Law No 5 of 2020 ("DP Law 2020") prescribes rules and obligations regarding the collection, handling, and use of Personal Data as well as rights and remedies for individuals who may be impacted by such processing. 

Read more

Data Protection Regulations

The DIFC Data Protection Regulations 2020 set out the procedures and requirements for specific obligations in the DP Law 2020, including notifications to the Commissioner, fines and sanctions, and international data transfers.

Read more

Why Data Protection Matters

In an era of increased globalization and rapid advances in technology, information has never been more readily available and transmittable. Businesses and in particular, banking and financial organizations, are processing and exchanging individual data electronically and across borders in greater volumes every day. 

Personal Data includes any information relating to a living individual, that specifically indentifies him or her. Biometric data, photos, even IP addresses can all be considered Personal Data in context.  Special Cateogry Data is that which is subjective or inherent to the person, such as ethnicity, religion or political or philosophical beliefs. 

The result of the processing and mishandling –voluntary or involuntary- of any type of Personal Data can have significant consequences, including exposure to risk relating to financial or other serious damages. It is crucial that individuals’ right to privacy is protected by establishing effective data protection laws and enforcing legal safeguards to secure and protect Personal Data and its processing. 

Read more

For better web experience, please use the website in portrait mode