DIFC

Guidance

Comprehensive Data Protection Guidance & Assessment Tools

 

Guidance and Handbooks

The guidance documents and tools on this page provide important insights on interpretation of DIFC DP Law 2020.  Please note that some guidance documents or handbooks may be repeated under certain headings as they cover elements of several important data protection concepts. 

Also, please note that the Commissioner's guidance and handbooks are not meant to express an opinion on lawfulness of specific business activities, nor do they have the force of law, and are not intended to constitute legal advice. Please contact legal counsel for assistance in determining your business's data protection and privacy requirements in respect of the topics addressed below, to ensure compliance with the applicable laws and regulations. The Commissioner does not make any warranty or assume any legal liability for the accuracy or completeness of the information herein as it may apply to the particular circumstances of an individual or a firm.  

 


General Requirements for DP Law 2020


Lawful Processing


Accountability & Notifications


Data Protection Officers


Risk Assessments (DPIAs, DPO Annual Assessment)


Obligations of Controllers & Processors


Data Export & Sharing


Information Provision & Rights of Individuals


Personal Data Breaches


Remedies, Liability and Sanctions


Data Protection Tuesday Talks


External Guidance, Policies & Other Presentations


Data Protection Assessment Tools

Please note that these assessment tools are not meant to express an opinion on lawfulness of specific business activities, the outcomes provided do not have the force of law, and they are not intended to constitute legal advice. Please contact legal counsel for assistance in determining your business's data protection and privacy requirements in respect of the topics addressed below, to ensure compliance with the applicable laws and regulations. The Commissioner does not make any warranty or assume any legal liability for the accuracy or completeness of the information herein as it may apply to the particular circumstances of an individual or a firm.  


DP Assessment Tool – Applicability (Article 6)
Conduct assessment

DP Assessment Tool – Notifications to the Commissioner of Processing Operations (Article 14(7))
conduct assessment

DP Assessment Tool – Data Protection Officers (Articles 16 to 19)
conduct assessment

DP Assessment Tool - High Risk Processing (Article 16)
conduct assessment

DP Assessment Tool - Controller and Processor Obligations
(Articles 23 to 25)
Conduct Assessment

DP Assessment Tool – Data Export / International Transfers
(Articles 26 & 27)
conduct assessment

DP Assessment Tool - EDMRI+ Due Diligence Assessment (Articles 26 & 27)
Conduct Assessment

DP Assessment Tool - Government Data Sharing (Article 28)
conduct assessment

DP Assessment Tool - Privacy Notices (Articles 29 & 30)
Conduct Assessment

DP Assessment Tool - Rights Request Response Assessment
(Articles 32 to 40)
Conduct Assessment

DP Assessment Tool – Personal Data Breach Reporting Obligations
(Articles 41 & 42)
Conduct Assessment

DP Assessment Tool - Marketing and Electronic Communications
Conduct Assessment

For better web experience, please use the website in portrait mode