DIFC to introduce new data protection laws from July 1 

By Rahul Vaimal, Associate Editor
  • Follow author on
Representational Image

Dubai International Financial Centre (DIFC)’s updated Data Protection Law (Law No. 5) with updated security and privacy compliances will come into effect July 1. Business units affiliated with DIFC will have leeway until October 1 to comply with it.

Current Data Protection Law – DIFC Law No. 1 of 2007 will remain in effect until October 1. The latest variant sets out expectations for controllers about several privacy and security principles.

The new Data Protection Law consolidates the best practices from a mixture of laws, such as the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act, and other “progressive, technology-agnostic concepts”.

“The requirements reflect the DIFC’s commitment to developing an enabling business ecosystem with robust regulatory and compliance guidelines for all organizations operating from the Centre.”
– DIFC Statement

“They will enable DIFC to continue to build upon the Centre’s reputation as a leading global financial center focused on innovation and collaboration, whilst also promoting ethical data sharing.

“Importantly, the Data Protection Law and Regulations provide a framework that will support DIFC’s bid for adequacy recognition by the European Commission, the UK and other jurisdictions, easing data transfer compliance requirements for DIFC businesses.”

Essa Kazim, Governor of DIFC

“DIFC continues to develop its robust regulatory ecosystem built on the principles of compliance, integrity and security. The enhanced Data Protection Law combines the best practices from world-class data protection laws. By setting out the regulation, DIFC also sets a clear requirement for all organizations to follow global best practices relating to data and privacy. It demonstrates our position as a forward-thinking international financial hub shaping the future of finance across the region and enables us to further consolidate the Centre’s reputation as a leading global financial center.”

General penalties for severe violations of the Data Protection Law, in addition to or instead of regulatory fines, as well as increased maximum fine limits, have been included.