General Data Protection Rules

Overview

This Practice Note addresses the data protection legal framework within the DIFC.

Definitions

  • Commissioner: Independent regulator set up to uphold data privacy for individuals in or from DIFC.

  • Controller: Person who determines the purposes for which and the manner in which any personal data is to be processed.

  • Data Protection Officer: Data Protection Officer.

  • Data Subject: Individual to whom the Personal Data relates. For example, where an organisation holds Personal Data about its employees, the employees are Data Subjects.

  • DIFC: Dubai International Financial Centre.

  • DFSA: Dubai Financial Services Authority.

  • GDPR: General Data Protection Regulation.

  • Personal Data: Any information relating to an identified natural person. For example, Personal Data may include an individual's name, age, home address, race, sexual orientation, income, blood type, marital status, education, and employment information.

  • Processor: Person who processes personal data on behalf of a Controller.

  • Special Categories of Personal Data: Personal Data relating to racial or ethnic origin, communal origin, political affiliations or opinions, religious or philosophical beliefs, criminal record, trade-union membership and health or sex life and including genetic data and biometric data where it is used for the purpose of uniquely identifying a natural person.