Dubai enacts new Data Protection Law

Sheikh Mohammed bin Rashid Al Maktoum, Ruler of Dubai, and Vice President and Prime Minister of the United Arab Emirates, enacted the Dubai International Financial Center (DIFC) Data Protection Law No.5 of 2020. As known, Dubai is considered as an important international trade center for the entire Middle East, Africa and South Asia.

DIFC in its Press Release has mentioned that:

  • Law keeps Dubai and DIFC at the forefront of data protection in the region
  • Enhancements relate to global data, security and privacy best practice
  • Requirements relating to accountability, individuals’ control of personal data and fines for breaches included in new law

New changes

The new law has been replaced by the earlier law i.e. Data Protection Law DIFC Law No. 1 of 2007. The new law has been passed considering regulations laid down under practices from legislation such as GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act), and other ancillary relevant laws.

Among other factors, this law has  laid down its expectations from the Controllers and Processors. It also regulates the other avenues of data privacy like data protection impact assessments, requirement of Data Protection Officers and protection of personal data of individuals. One of the other factors of the new law is the fines which have been introduced. The new law has introduced new fines which may be imposed in case of any breach. In addition the amount of the fines have also been increased. DIFC has provided time till 1st of October, 2020 for the relevant business to comply with the new data privacy law. This is seen a major step in the field of data privacy.


Considering the time period of 3 months provided for compliance, DIFC members in compliance to the new data privacy law may have to do the following:

  • conducting Data Protection Impact Assessment, in a timely manner
  • drafting a Record of Processing Activities
  • assessment of the roles of controllers and processors
  • creating data awareness in the organisation
  • reviewing or executing relevant data related agreements
  • efficient data breach protocol

We, at Symmetry Compliance have the know-how and certified personnel to provide your business with proven GDPR and data protection expertise across consultancy, compliance assessment, training and implementation services as well as offering Data Protection Officer (DPO) as an outsourced service.

Read here: Easyjet Data Breach: Will it cost millions?

Share This Story, Choose Your Platform!