Guidance | DIFC

Stay up-to-date with DIFC’s response to Covid-19
Read more

- Business
  Business
  
  We know that a supportive business environment is key to helping your company thrive. Learn more about what DIFC has to offer, from easy set-up processes to an enabling infrastructure and a variety of office spaces.
  
  Starting a Business in DIFC
  
  Operating in DIFC
  
  Areas of Business
  
  Laws & Regulations
  
  DIFC Innovation Hub
  
  Types of Spaces
  
  latest News
  
  DIFC Expands Innovation Hub; Launches First Residential Offering – DIFC Living and Innovation Two
  
  23 Nov 2022
  
  Upcoming Events
  
  Flair 5 at the Ritz-Carlton, DIFC
  
  01 Jul 2022 - 31 Dec 2022, All Day
  
  Ritz-Carlton DIFC
- Lifestyle
  Lifestyle
  
  The DIFC is more than just a world-class financial centre. Explore the district beyond the office, from a carefully curated collection of retailers, to a diverse range of art galleries and some of the city’s best restaurants.
  
  Experiences
  
  Shop
  
  Dine
  
  Discover
  
  Unwind
  
  Locations
  
  Gate Avenue
  
  Gate District
  
  Gate Village
  
  latest News
  
  Sustainability takes centre stage for DIFC’s 14th edition of Art Nights
  
  10 Nov 2022
  
  Download our DIFC Connect App
- Events5
- Laws
- Newsroom
  Newsroom
  
  Stay up to date with the latest news, announcements and insights from across the Centre by visiting our Newsroom.
  
  News
  
  Blog
  
  Gallery
  
  Publications
  
  Media Kit
  
  latest News
  
  DIFC Expands Innovation Hub; Launches First Residential Offering – DIFC Living and Innovation Two
  
  23 Nov 2022
  
  Upcoming Events
  
  Flair 5 at the Ritz-Carlton, DIFC
  
  01 Jul 2022 - 31 Dec 2022, All Day
  
  Ritz-Carlton DIFC
- About
  About
  
  Dubai International Financial Centre (DIFC) is one of the world’s most advanced financial centres, and the leading financial hub for the Middle East, Africa and South Asia (MEASA), which comprises 72 countries with an approximate population of 3 billion and a nominal GDP of US$ 8 trillion.
  
  The DIFC District
  
  DIFC Boards
  
  DIFC Management Team
  
  Sustainability
  
  Our Path to COP28
  
  DSFWG
  
  Careers
- Contact
- Public Register
- Login
  
  Log-in now to access a number of services available to our clients and visitors at the click of a button.
  
  client portal retail portal
  
  venue booking visitor parking
Make an enquiry

Comprehensive Data Protection Guidance & Assessment Tools

Guidance and Handbooks

The guidance documents and tools on this page provide important insights on interpretation of DIFC DP Law 2020. Please note that some guidance documents or handbooks may be repeated under certain headings as they cover elements of several important data protection concepts.

Also, please note that the Commissioner's guidance and handbooks are not meant to express an opinion on lawfulness of specific business activities, nor do they have the force of law, and are not intended to constitute legal advice. Please contact legal counsel for assistance in determining data protection and privacy policies in respect of the topics addressed below, to ensure compliance with the applicable laws and regulations. The Commissioner does not make any warranty or assume any legal liability for the accuracy or completeness of the information herein as it may apply to the particular circumstances of an individual or a firm.

General Requirements for DP Law 2020

Comprehensive Guide to Data Protection Law, DIFC Law No. 5 of 2020 and DP Regulations

Overview of DIFC Data Protection Regime

Webinar: Introduction to DIFC DP Law 2020

Lawful Processing

Accountability & Notifications

Comprehensive Guide to Notification of Processing Operations

Step by Step Portal Guide to Notifying the DIFC DP Commissioner of Processing Operations

Step by Step Portal Guide to DP Inspections

Sample DIFC Record of Processing Activities

Webinar: Accountability, Supervision and Enforcement

Webinar: Applicability and Notifications

Data Protection Officers

High Risk Processing & DPO Appointments

Webinar: DPO Appointments

Risk Assessments (DPIAs, DPO Annual Assessment)

DPO Annual Assessment - Checklist & FAQs

Sample Submitted DPO Annual Assessment and Risk Matrix

Sample Compliance Checklist and DPIA

Obligations of Controllers & Processors

Controller & Processor Agreements

Retention & Storage of Personal Data

Data Export & Sharing

DIFC Data Export & Sharing Handbook

Guidance on Article 28 of DIFC DP Law 2020

DIFC DP Law 2020 - Article 28 FAQs

DIFC EDMRI Guidance - October 2022

DIFC EDMRI FAQs

Webinar: Data Export and Sharing

DIFC A 27 SCCs - DIFC Exporter transferring to Non-DIFC Importer

Information Provision & Rights of Individuals

Individuals' Rights to Access & Control Personal Data

Individual Rights & Remedies Checklist

Complaints & Mediation Processes

Direct Marketing & Electronic Communications

Personal Data Breaches

Personal Data Breach Notifications

Webinar: Personal Data Breaches

Remedies, Liability and Sanctions

Commissioner's Powers, Fines & Sanctions

Individual Rights & Remedies Checklist

Complaints & Mediation Processes

Data Protection Tuesday Talks

DIFC DP Talks #1: Overview and DP Website

DIFC DP Talks #2: Amendments and Consultation

DIFC DP Talks #3: Notifications

DIFC DP Talks #4: Inspections

DIFC DP Talks #5: DPO Annual Assessment

DIFC DP Talks #6: Article 28

DIFC DP Talks #7: Supervision & Enforcement

External Guidance, Policies & Other Presentations

Covid 19 Data Collection FAQs

DIFC Privacy Day 2022 - Jan 25 Webinar on UAE DP Law

DIFC Privacy Day 2022 - Jan 27 Webinar on DIFC Data Export and Sharing

Webinar: Continuous Improvement and Compliance 2022

OECD: Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security 21 December 2005

OECD: Privacy Online: Policy and Practical Guidance 21 January 2003

Data Protection Assessment Tools

Please note that these assessment tools are not meant to express an opinion on lawfulness of specific business activities, the outcomes provided do not have the force of law, and they are not intended to constitute legal advice. Please contact legal counsel for assistance in determining data protection and privacy policies in respect of the topics addressed below, to ensure compliance with the applicable laws and regulations. The Commissioner does not make any warranty or assume any legal liability for the accuracy or completeness of the information herein as it may apply to the particular circumstances of an individual or a firm.

DP Assessment Tool – Applicability

Conduct assessment

DP Assessment Tool – Notifications to the Commissioner of Processing Operations

conduct assessment

DP Assessment Tool – Data Protection Officers

conduct assessment

DP Assessment Tool - Privacy Notices (Articles 29 & 30)

Conduct Assessment

DP Assessment Tool - High Risk Processing

conduct assessment

DP Assessment Tool - EDMRI+ Due Diligence Assessment

Conduct Assessment

DP Assessment Tool – Data Export / International Transfers

conduct assessment

DP Assessment Tool - Article 28 Data Sharing

conduct assessment

DP Assessment Tool - Rights Request Response Assessment

Conduct Assessment

DP Assessment Tool – Personal Data Breach Reporting Obligations

Conduct Assessment

DP Assessment Tool - Marketing and Electronic Communications

Conduct Assessment

DIFC Connect App
Download for ios Download for ios

Scan the QR code for
direct download
Download for android Download for android

Scan the QR code for
direct download

For better web experience, please use the website in portrait mode