The Data Protection Law 2007 (DIFC Law No. 1 of 2007), was recently amended by the Data Protection Law Amendment Law 2012 (DIFC Law No. 5 of 2012), which became effective on 20 December 2012. The 'new' Data Protection Law amends the 'old' Data Protection Law, which prescribed rules and regulations regarding the collection, handling, disclosure and use of personal data in the DIFC, the rights of individuals to whom the personal data relates, and the role of the DIFC Authority with regard to data protection. The amended Data Protection Law retains the international best practice standards found in the 2007 law, and is broadly consistent with the 1995 EU Data Protection Directive. It is designed to balance the legitimate needs of businesses and organizations to process personal information with the importance of upholding an individual's right to privacy.