• Stay up-to-date with DIFC’s responses to COVID19
  • Read more

DIFC Data Protection

The Data Protection Law  prescribes rules and regulations regarding the collection, handling, disclosure and use of personal data in the DIFC, the rights of individuals to whom the personal data relates and the power of the Commissioner of Data Protection in performing their duties in respect of matters related to the processing of personal data as well as the administration and application of the Data Protection Law.

The Data Protection Law embodies international best practice standards, and is consistent with EU regulations and OECD guidelines and is designed to balance the legitimate needs of businesses and organizations to process personal information while upholding an individual’s right to privacy.

To help persons and businesses operating in the DIFC maintain compliance with the Data Protection Law, this site has been designed to provide a useful point of reference and guidance, as well as assist individuals who wish to find out more about the obligations and rights available to them under the Data Protection Law.

Data Protection Law

The Law prescribes rules and regulations regarding the collection, handling, and use of personal data in DIFC. The Law also offers protection to the rights of individuals on their personal data.

Read more

Data Protection Regulations

A strict set of rules that are consistent with Data Protection Directive of the European Commission which ensures harmonisation of the data and financial penalties for non-compliance.

Read more

Why Data Protection Matters

In an era of increased globalization and rapid advances in technology,information has never been more readily available and transmittable. Businesses and in particular, banking and financial organizations, are increasingly processing and exchanging individual data electronically and across borders. 

Personal Data includes any information relating to an individual, usually by linking it to be able to identify a specific person. Biometric data, photos, even IP addresses can all be considered Personal Data in context.  Sensitive personal data is that which is subjective or inherent to the person, such as ethnicity, religion or political or philosophical beliefs. The result of the processing and mishandling –voluntary or involuntary- of personal data can have significant consequences, including credit card and identity theft. It is crucial that individuals’ right to privacy is protected by establishing effective data protection laws and enforcing legal safeguards to secure and protect personal data and its processing. 

Read more

For better web experience, please use the website in portrait mode