• Stay up-to-date with DIFC’s responses to COVID19
  • Read more
  • Virtual assets and FATF guidelines – a risk-based approach for financial institutions
  • 28 Sep 2021, 3:00 pm - 4:00 pm
  • View Event


Taking responsibility for ethical management of personal data, and being transparent about how your organisation protects people’s rights results in better overall compliance and creates a competitive edge based on developing and keeping people’s trust. Furthermore, if something does go wrong while your organisation is the custodian of a person’s data, accountability means showing that you actively considered the risks and put in place measures and safeguards to mitigation these risks. By doing so, you are protecting your organisation as well against any potential enforcement action. Lastly, this commitment will be a good example to other organisations you deal with about how to ethically and responsibly manage personal data. On the other hand, if you can’t show good data protection practices, it may leave you open to breaking the trust you have built, as well as possibly incurring fines and reputational damage.

Accountability Tools

Applicability Assessment Tool – Does the DIFC DP Law 2020 apply to my entity?

View tool

High Risk Processing Assessment Tool – Do I conduct HRP?

View tool

DPO Assessment Tool – Do I need to appoint a DPO?

View tool

DP Maturity Assessment tool – Please note, this tool is provided by a third party. The Maturity Assessment tool provides a overall view of your entity’s current DP compliance, where you would like it to be and recommendations about how to achieve it. Please note clicking this link will take you to a third party website, where you will be required to create a user account. Registration is free. The third party provider is subject to the DIFC DP Law 2020 and other DP laws. Please review their privacy policy to understand how they process personal data and assurance of individual rights.

Data Protection Templates

These templates will assist in ensuring accountability for processing activities. These templates are only provided for guidance and format purposes. Provision of them is not to be construed as legal advice. Legal consultants or other duly designated persons acting for the entity may revise, add or remove anything in these templates as appropriate, and the entity remains responsible for its own compliance with DP Law 2020.

Sample DP Internal Policy

VIew File

Sample Online DP Notice

View File

Sample Record of Processing Activities

View File

Compliance Checklist and DPIA

View file

Sample DPO Annual Assessment

View file

For better web experience, please use the website in portrait mode