Data Protection Obligations: Organisational Governance
Overview
An organisation must implement and maintain effective policies, systems and procedures to comply with the data protection laws in the Dubai International Financial Centre (DIFC). This Practice Note will provide an overview of how an organisation can take responsibility for ensuring that it develops, implements and maintains effective policies, systems and procedures in order to comply with accountability duties under DIFC Law No. 5/2020 Data Protection Law.
Definitions
Controller: Any person who alone or jointly with others, determines the purposes and means of the processing of personal data.
Data subject: The identified or identifiable natural person to whom personal data relates to.
Commissioner: The person appointed by the President pursuant to article 43(1) of DIFC Law No. 5/2020 to administer the law.
Court: The DIFC Court as established under Dubai laws.
Controller: Any person who alone or jointly with others, determines the purposes and means of the processing of personal data.
DIFC: Dubai International Financial Centre.
DIFC bodies: Includes the Commissioner, DIFCA, DFSA, DIFC Courts, and any other person, body, office, registry or tribunal established under DIFC laws or established upon approval of the President that is not revoked by any DIFC laws.