DIFC Data Protection Law

On 21 May 2020, the Dubai International Financial Centre (DIFC) enacted DIFC Law No. 5/2020 Data Protection Law. DIFC Law No. 5/2020 repeals and replaces DIFC Law No. 1/2007 Data Protection Law (as amended) and the Data Protection Regulations 2018. DIFC Law No. 5/2020 governs the protection of personal data processed by businesses established in the DIFC and in certain circumstances, businesses established outside the DIFC, but which process personal data in the DIFC, as well as entities who processes personal data on behalf of those businesses. The Commissioner is the appointed supervisory authority responsible for ensuring compliance with DIFC Law No. 5/2020. The DIFC has also issued the DIFC Data Protection Regulations (Version No. 2) which provide additional detail on certain aspects of DIFC Law No. 5/2020.