Data Protection
On 20 September 2021, the United Arab Emirates (UAE) issued a new data protection law, Federal Decree-Law No. 45/2021 on the Protection of Personal Data. Prior to this, the UAE did not have a comprehensive data protection law at the federal level. An individual’s right to privacy is also protected under several federal UAE laws.
This Comparative Note addresses the data protection legal framework and regimes within the DIFC and across the UAE.
MEASA: Middle East, Africa and South Asia.
DRA: Dispute Resolution Authority.
MoG: Memorandum of Guidance.
DHCC: Dubai Healthcare City.
DIFC: Dubai International Financial Centre.
DFSA: Dubai Financial Services Authority.
Commissioner: Independent regulator set up to uphold data privacy for individuals in or from DIFC.
Processor: Person who processes personal data on behalf of a Controller.
Controller: Person in the DIFC who determines the purposes for which, and the manner in which, any personal data is to be Processed.
Data Subject: Individual to whom the personal data relates. For example, where an organisation holds personal data about its employees, the employees are Data Subjects.