Personal Data Protection Regulation in Dubai, UAE
In early 2022, Federal Decree-Law No. 45 on Personal Data Protection came into force in the UAE, marking a new stage in the regulation of the processing of information about individuals. Designed to harmonize the Emirates' legislative framework with international standards, this decree introduces strict rules for handling personal data and establishes liability for their violation. Let's look at the key aspects of this important document.
The primary purpose of the Decree is to ensure reliable protection of personal information about citizens and residents of the region. It aims to establish a clear procedure for collecting, processing, storing such information, while ensuring that the rights of data subjects (individuals) are respected. The key principles are transparency and accountability. Organizations handling personal data must clearly inform data subjects about the purposes of processing the information and how to protect it.
The decree defines two key roles:
The Controller (Data Controller), who determines the purposes and methods of processing personal data. He is responsible for developing a data processing policy and ensuring that the Operator complies with it.
The Operator (Data Processor), who processes personal data on behalf of and in the name of the Controller, following his instructions. He is responsible for the technical realization of the data processing process.
Personal data is generally considered to be any data relating to a recognizable natural person. This includes, but is not limited to: full name, voice data, photo, geographical location, as well as physical, genetic, cultural and social characteristics.
The regulations do not apply to all organizations. Exceptions include:
- State organizations. They are governed by their own internal rules and regulations in the field of study.
- Companies in freezones. ADGM and DIFC also have internal rules about personal information.
- Some financial and healthcare institutions. Many of them may have their own, stricter, internal regulations corresponding to the specifics of their activities. However, this does not preclude full compliance with other articles of the law that do not contradict their internal guidelines.
Processing of personal information, as a rule, is possible only with the consent of its subject. The exception is in situations where obtaining the data is required by law, such as for the performance of a contract or to fulfill the requirements of law enforcement agencies.
The entry into force of Federal Decree-Law No. 45 is a significant step for the UAE in ensuring the protection of personal data. It establishes a clear framework for processing information, enhancing privacy for nationals and residents. Companies operating in the region or working with Emirati-based clients need to carefully review the law's provisions and ensure full compliance with their internal procedures. Failure to comply will result in serious administrative and financial penalties. It is important to realize that this is not just a formality, but a necessary measure to ensure trust and security in the digital environment.
Get a free consultation
with an individual analysis of your situation
By clicking on the "Get a consultation" button, you agree to the Privacy Policy
Might be interesting:
«Legal and accounting services in UAE»
© Uae-openbiz. All rights reserved
BUSINESS SERVICES