Introduction of General Data Protection Regulation (GDPR)Announcement22 May 2018
In line with our efforts to ensure alignment with international best practices, we would like to update you on the General Data Protection Regulation (GDPR).
GDPR is a European Union (EU) law that updates how entities that collect and use personal data must process it transparently, lawfully and fairly and will be enforceable from 25 May 2018. This means that EU regulators can from that date investigate whether a business is compliant with the law and, if not, take legal action accordingly.
While the current DIFC law, Data Protection Law DIFC Law No. 1 of 2007, remains fully in force, please note that the GDPR is very broadly applicable, including potentially to DIFC registered entities, both regulated and non-regulated.
You may wish to seek external legal advice to understand whether your business should be aligned with the GDPR.
For further information on how DIFC manages personal data, please visit the DIFC Online Data Protection Policy.