Data Breach: Commissioner Notification

Overview

An organisation is to report data breaches to the Commissioner as per DIFC Law No. 5/2020 Data Protection Law and report any relevant breach of security to the regulator within the required timescale and by providing all appropriate details.

Definitions

  • Applicable law: All applicable laws, statutes, codes, ordinances, decrees, rules, regulations, municipal by-laws, judgments, orders, decisions, rulings or awards of any government, quasi-government, statutory or regulatory bodies, ministries, government agencies or departments, courts, agencies or associations of a competent jurisdiction.

  • Controller: Any person who alone or jointly with others, determines the purposes and means of the processing of personal data.

  • Data subject: The identified or identifiable natural person to whom personal data relates to.

  • Commissioner: The person appointed by the President pursuant to article 43(1) of DIFC Law No. 5/2020 to administer the law.

  • Court: The DIFC Court as established under Dubai laws.

  • Controller: Any person who alone or jointly with others, determines the purposes and means of the processing of personal data.

  • DIFC: Dubai International Financial Centre.