DIFC

Guidance

Comprehensive Data Protection Guidance & Assessment Tools

 

Guidance and Handbooks

The guidance documents and tools on this page provide important insights on interpretation of DIFC DP Law 2020.  Please note that some guidance documents or handbooks may be repeated under certain headings as they cover elements of several important data protection concepts. 

Also, please note that the Commissioner's guidance and handbooks are not meant to express an opinion on lawfulness of specific business activities, nor do they have the force of law, and are not intended to constitute legal advice. Please contact legal counsel for assistance in determining your business's data protection and privacy requirements in respect of the topics addressed below, to ensure compliance with the applicable laws and regulations. The Commissioner does not make any warranty or assume any legal liability for the accuracy or completeness of the information herein as it may apply to the particular circumstances of an individual or a firm.  

 


General Requirements for DP Law 2020

Comprehensive Guide to Data Protection Law, DIFC Law No. 5 of 2020 and DP Regulations
Download
Overview of DIFC Data Protection Regime
Download
Webinar: Introduction to DIFC DP Law 2020
Download
Webinar: FAQs
Download


Lawful Processing

Consent
Download


Accountability & Notifications

Comprehensive Guide to Notification of Processing Operations
Download
Step by Step Portal Guide to Notifying the DIFC DP Commissioner of Processing Operations
Download
Step by Step Portal Guide to DP Inspections
Download
Sample DIFC Record of Processing Activities
Download
Webinar: Accountability, Supervision and Enforcement
Download
Webinar: Applicability and Notifications
Download


Data Protection Officers

High Risk Processing & DPO Appointments
Download
Webinar: DPO Appointments
Download


Risk Assessments (DPIAs, DPO Annual Assessment)

DPO Annual Assessment - Checklist & FAQs
Download
Sample Submitted DPO Annual Assessment and Risk Matrix
Download
Sample Compliance Checklist and DPIA
Download


Obligations of Controllers & Processors

Controller & Processor Agreements
Download
Retention & Storage of Personal Data
Download


Data Export & Sharing

DIFC Data Export & Sharing Handbook
Download
Guidance on Article 28 of DIFC DP Law 2020
Download
DIFC DP Law 2020 - Article 28 FAQs
Download
DIFC EDMRI Guidance - October 2022
Download
DIFC EDMRI FAQs
Download
Webinar: Data Export and Sharing
Download
DIFC A 27 SCCs - DIFC Exporter transferring to Non-DIFC Importer
Download


Information Provision & Rights of Individuals

Individuals' Rights to Access & Control Personal Data
Download
Individual Rights & Remedies Checklist
Download
Complaints & Mediation Processes
Download
Direct Marketing & Electronic Communications
Download


Personal Data Breaches

Personal Data Breach Notifications
Download
Webinar: Personal Data Breaches
Download


Remedies, Liability and Sanctions

Commissioner's Powers, Fines & Sanctions
Download
Individual Rights & Remedies Checklist
Download
Complaints & Mediation Processes
Download


Data Protection Tuesday Talks

DIFC DP Talks #1: Overview and DP Website
Download
DIFC DP Talks #2: Amendments and Consultation
Download
DIFC DP Talks #3: Notifications
Download
DIFC DP Talks #4: Inspections
Download
DIFC DP Talks #5: DPO Annual Assessment
Download
DIFC DP Talks #6: Article 28
Download
DIFC DP Talks #7: Supervision & Enforcement
Download
DIFC DP Talks #8: Benefits of a DPMP
Download
DIFC DP Talks #9: Localisation and CLOUD Act
Download


External Guidance, Policies & Other Presentations

Covid 19 Data Collection FAQs
Download
DIFC Privacy Day 2022 - Jan 25 Webinar on UAE DP Law
Download
DIFC Privacy Day 2022 - Jan 27 Webinar on DIFC Data Export and Sharing
Download
Webinar: Continuous Improvement and Compliance 2022
Download
OECD: Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security 21 December 2005
Download
OECD: Privacy Online: Policy and Practical Guidance 21 January 2003
Download


Data Protection Assessment Tools

Please note that these assessment tools are not meant to express an opinion on lawfulness of specific business activities, the outcomes provided do not have the force of law, and they are not intended to constitute legal advice. Please contact legal counsel for assistance in determining your business's data protection and privacy requirements in respect of the topics addressed below, to ensure compliance with the applicable laws and regulations. The Commissioner does not make any warranty or assume any legal liability for the accuracy or completeness of the information herein as it may apply to the particular circumstances of an individual or a firm.  


DP Assessment Tool – Applicability (Article 6)
Conduct assessment

DP Assessment Tool – Notifications to the Commissioner of Processing Operations (Article 14(7))
conduct assessment

DP Assessment Tool – Data Protection Officers (Articles 16 to 19)
conduct assessment

DP Assessment Tool - High Risk Processing (Article 16)
conduct assessment

DP Assessment Tool - Controller and Processor Obligations
(Articles 23 to 25)
Conduct Assessment

DP Assessment Tool – Data Export / International Transfers
(Articles 26 & 27)
conduct assessment

DP Assessment Tool - EDMRI+ Due Diligence Assessment (Articles 26 & 27)
Conduct Assessment

DP Assessment Tool - Government Data Sharing (Article 28)
conduct assessment

DP Assessment Tool - Privacy Notices (Articles 29 & 30)
Conduct Assessment

DP Assessment Tool - Rights Request Response Assessment
(Articles 32 to 40)
Conduct Assessment

DP Assessment Tool – Personal Data Breach Reporting Obligations
(Articles 41 & 42)
Conduct Assessment

DP Assessment Tool - Marketing and Electronic Communications
Conduct Assessment

For better web experience, please use the website in portrait mode