Data protection and privacy are important considerations for all businesses. Failing to treat personal information in accordance with legislative requirements and best practice can have an adverse effect on a company's reputation, its employees and its customers.

Specific data protection regimes are now in place in many jurisdictions. Awareness of the implications of data protection and privacy issues is increasing around the globe, including in the Middle East, where there have been a number of developments in recent months.

The DIFC has had a data protection regime since 2004. The DIFC data protection regime was significantly overhauled by the DIFC's Data Protection Law 2007 (2007 Law).

The 2007 Law was designed to be consistent with, among others, EU data protection directives. The 2007 Law:

1. applies in the jurisdiction of the DIFC;

2. applies to certain information relating to identifiable individuals; and

3. sets out obligations relating to the collection, handling, disclosure and use of personal data.

Processing Personal data in the DIFC