Mohammed bin Rashid enacts new DIFC Data Protection Law
In his capacity as the Ruler of Dubai His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE, has enacted the Dubai International Financial Centre, DIFC, Data Protection Law No. 05 of 2020.
The promulgation of the Law enables the pre-eminent international financial hub in the Middle East, Africa and South Asia, MEASA, region to strengthen its leadership in enhancing data protection practices.
The new law will come into effect from 1st July 2020. The current law, Data Protection Law DIFC Law No. 01 of 2007, will remain in effect until this date. The Data Protection Law further develops the current DIFC Data Protection regime which was already one of the most advanced in the region.
The Board of Directors of the DIFC Authority has also issued new Data Protection Regulations that set out the procedures for notifications to the Commissioner of Data Protection, accountability, record keeping, fines and adequate jurisdictions for cross-border transfers of personal data.
DIFC’s updated Data Protection Law and Regulations set out expectations for Controllers and Processors in the Centre regarding several key privacy and security principles. The Data Protection Law combines the best practices from a variety of current, world class data protection laws, such as the General Data Protection Regulation, GDPR, the California Consumer Privacy Act and other forward-thinking, technology agnostic concepts.
The requirements reflect the DIFC’s commitment to developing an enabling business ecosystem with robust regulatory and compliance guidelines for all organisations operating from the Centre. They will enable DIFC to continue to build upon the Centre’s reputation as a leading global financial centre focused on innovation and collaboration, whilst also promoting ethical data sharing.
Importantly, the Data Protection Law and Regulations provide a framework that will support DIFC’s bid for adequacy recognition by the European Commission, the United Kingdom and other jurisdictions, easing data transfer compliance requirements for DIFC businesses.