Data Security: Technical and Organisational Measures

Overview

In the United Arab Emirates (UAE), Federal Decree-Law No. 45/2021 On the Protection of Personal Data is particularly legislated for securing the protection of personal data. In this context, Federal Decree-Law No. 45/2021 has stressed upon the protection of personal data from every aspect. Articles 7-8 of Federal Decree-Law No. 45/2021 has made it obligatory for controllers and processors to incorporate such technical and organisational measures that would ensure the protection of the personal data to be processed, while article 20 of Federal Decree-Law No. 45/2021 on “personal data security” requires the controllers or processors to incorporate technical and organisational measures to achieve the information security level (to achieve the highest level of personal data security).

Definitions

  • Personal data: Any data relating to an identified natural person, or one who can be identified directly or indirectly by way of linking data, using identifiers such as name, voice, picture, identification number, online identifier, geographic location, or one or more special features that express the physical, psychological, economic, cultural or social identity of such person. It also includes sensitive personal data and biometric data.