Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.

View
Contact Us See a demo

Overview of UAE Data Protection Law

uae data protection law banner
Published December 27, 2021
Author

Maria Khan

Data Privacy Legal Manager at Securiti

FIP, CIPT, CIPM, CIPP/E

Listen to the content

This post is also available in: Brazilian Portuguese

In November 2021 His Highness Sheikh Khalifa bin Zayed Al Nahyan, the President of the United Arab Emirates, approved Federal Decree-Law No 45 2021 on Protection of Personal Data (PDPL).Its purpose is in line with several other data protection laws that have been drafted and enacted in other parts of the world. It is a comprehensive law that deals with data privacy and the rights of UAE citizens over how they choose to share their data with data handlers.

The law is part of the UAE’s grander “Principles of the 50” - a charter of 10 strategic principles meant to be implemented within the kingdom in the next 50 years to ensure social, political, and economic stability.

Who’s Supposed To Comply

Like the GDPR, the PDPL is explicit in singling out which businesses are supposed to comply with the legislation.

As per Article 2(1) of the PDPL, all businesses registered in the UAE that are processing personal data of data subjects inside or outside the UAE are supposed to comply with the PDPL. Moreover, companies that are collecting data on UAE residents on behalf of other organisations have to follow this law just the same.

Under Article 2(2), there are certain entities exempt from the provisions of the new law, such as government data, public entities’ data, health and credit data subject to their own dedicated legislation, and most importantly, entities established within the free zones such as the DIFC and ADGM that have their own data protection laws.

Businesses that are part of the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM) free zones but process data on behalf of companies that are not a part of the DIFC and ADGM are also covered by the law in limited cases.

What Data Is Covered?

The PDPL is explicit in protecting all data subjects’ collected personal and sensitive data. The following data is covered under the UAE’s new data protection law:

  • Name
  • Voice
  • Picture
  • Identification number
  • Race
  • Ethnicity
  • Religion
  • Sexual preference
  • Biometric data
  • Criminal record
  • Health records
  • Geographical location

What Rights Do Data Subjects Have?

Under the new PDPL, all users, or data subjects in UAE have certain rights that a data handler is required to ensure under any and all circumstances. These include:

Right to Access Information

All data subjects have the right to know what data or information a business has collected on them. Similarly, the data subject can request to know why the data was collected, where the data is stored, what safety precautions are being taken to protect their data, and what actions will be taken in the event of a data breach.

Right to Data Portability

Similar to having the right to access their information, all data subjects have the right to receive any and all such information in an easy-to-read and transferable format that can be easily accessed across all major platforms and mediums.

Right to Restricting Processing

All data subjects have the right to restrict any business from processing any further data related to them. It is the business's responsibility to ensure no further data is collected on the data subject  once they have exercised this claim.

Right to Erasure of Data

All data subjects have the right to request any business to delete any and all data that may have been collected on the data subject.

Right to Object to Automated Processing

All data subjects have the right to restrict a business from using any and all data collected on the data subject to aid automated decision-making that may affect the data subject.

Right to Rectification

All data subjects have the right to request a data handler to change, amend, or modify data collected on data subjects in case it is outdated, incomplete, or incorrect.

Penalties For Non-Compliance

This is arguably the most ambiguous part of the new PDPL. Unlike most data protection laws, the PDPL is not explicit about what penalties will be imposed on companies that are found to be non-compliant with the provisions of the new law.

As things stand, the Council of Ministers and the courts will recommend appropriate administrative fines for any business found breaching any of the new law’s provisions. There are plans to introduce standardized penalties for such breaches via Executive Regulation that will be carried out by the UAE Data Office once the law officially comes into effect on January 2, 2022.

For a detailed understanding of the UAE’s PDPL, please also refer to our comprehensive article on the PDPL here.

How Can Securiti Help?

Users across the world are becoming increasingly conscious and vocal about their rights to data privacy and data protection. Naturally, legislations are being drafted globally that would mandate businesses to undertake proactive measures to ensure all data collected on data subjects is not only protected but also gained with appropriate consent.

Simultaneously, the sheer volume of data being processed renders it necessary for businesses to turn towards automated solutions to guarantee compliance with the various data protection laws globally.

Securiti prides itself on its pioneer data-driven PrivacyOps framework that offers multiple artificial intelligence and machine learning-powered tools meant to ensure data compliance for businesses of all sizes. Request a demo today to see these tools in action and see for yourself how Securiti can help you achieve PDPL compliance at the click of a button.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox

Share
More Stories that May Interest You
Dubai Data Protection Law banner View More
July 18, 2023
New Dubai Data Protection Law
In this era where data privacy regulations are sprouting up almost daily, another city has taken data privacy rights into consideration and devised a...
South Africa’s POPIA View More
December 27, 2021
UAE PDPL
UAE Personal Data Protection Law (PDPL) The UAE Cabinet issued its highly anticipated Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal...
UAE Data Protection Law Compliance Checklist banner View More
December 24, 2021
UAE Data Protection Law Compliance Checklist
The United Arab Emirates (UAE) recently passed the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) in November 2021....
Please enter a minimum of 3 characters to begin your search.
Videos
View More
January 20, 2025
Mitigating OWASP Top 10 for LLM Applications 2025
Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...
View More
January 15, 2025
Top 6 DSPM Use Cases
With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...
View More
January 2, 2025
Colorado Privacy Act (CPA)
What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...
View More
December 24, 2024
Securiti for Copilot in SaaS
Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...
View More
November 1, 2024
Top 10 Considerations for Safely Using Unstructured Data with GenAI
A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....
View More
October 29, 2024
Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes
As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...
View More
August 12, 2024
Navigating CPRA: Key Insights for Businesses
What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...
View More
June 3, 2024
Navigating the Shift: Transitioning to PCI DSS v4.0
What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...
View More
January 29, 2024
Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)
AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...
AWS Startup Showcase Cybersecurity Governance With Generative AI View More
October 17, 2023
AWS Startup Showcase Cybersecurity Governance With Generative AI
Balancing Innovation and Governance with Generative AI Generative AI has the potential to disrupt all aspects of business, with powerful new capabilities. However, with...

Spotlight Talks

Spotlight 11:29
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Watch Now View
Spotlight 11:18
Rewiring Real Estate Finance — How Walker & Dunlop Is Giving Its $135B Portfolio a Data-First Refresh
Watch Now View
Spotlight 13:38
Accelerating Miracles — How Sanofi is Embedding AI to Significantly Reduce Drug Development Timelines
Sanofi Thumbnail
Watch Now View
Spotlight 10:35
There’s Been a Material Shift in the Data Center of Gravity
Watch Now View
Spotlight 14:21
AI Governance Is Much More than Technology Risk Mitigation
AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3
You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge
Watch Now View
Spotlight 47:42
Cybersecurity – Where Leaders are Buying, Building, and Partnering
Rehan Jalil
Watch Now View
Spotlight 27:29
Building Safe AI with Databricks and Gencore
Rehan Jalil
Watch Now View
Spotlight 46:02
Building Safe Enterprise AI: A Practical Roadmap
Watch Now View
Spotlight 13:32
Ensuring Solid Governance Is Like Squeezing Jello
Watch Now View
Latest
View More
June 27, 2025
Databricks AI Summit (DAIS) 2025 Wrap Up
5 New Developments in Databricks and How Securiti Customers Benefit Concerns over the risk of leaking sensitive data are currently the number one blocker...
Inside Echoleak View More
June 25, 2025
Inside Echoleak
How Indirect Prompt Injections Exploit the AI Layer and How to Secure Your Data What is Echoleak? Echoleak (CVE-2025-32711) is a vulnerability discovered in...
What is AI Security Posture Management (AI-SPM)? View More
July 2, 2025
What is AI Security Posture Management (AI-SPM)?
AI SPM stands for AI Security Posture Management. It represents a comprehensive approach to ensure the security and integrity of AI systems throughout the...
View More
July 2, 2025
Data Security & GDPR Compliance: What You Need to Know
Learn the importance of data security in ensuring GDPR compliance. Implement robust data security measures to prevent non-compliance with the GDPR.
Beyond DLP: Guide to Modern Data Protection with DSPM View More
June 9, 2025
Beyond DLP: Guide to Modern Data Protection with DSPM
Learn why traditional data security tools fall short in the cloud and AI era. Learn how DSPM helps secure sensitive data and ensure compliance.
Mastering Cookie Consent: Global Compliance & Customer Trust View More
May 28, 2025
Mastering Cookie Consent: Global Compliance & Customer Trust
Discover how to master cookie consent with strategies for global compliance and building customer trust while aligning with key data privacy regulations.
Understanding Data Regulations in Australia’s Telecom Sector View More
June 26, 2025
Understanding Data Regulations in Australia’s Telecom Sector
Gain insights into the key data regulations in Australia’s telecommunication sector. Learn how Securiti helps ensure swift compliance.
Top 3 Key Predictions on GenAI's Transformational Impact in 2025 View More
June 26, 2025
Top 3 Key Predictions on GenAI’s Transformational Impact in 2025
Discover how a leading Chief Data Officer (CDO) breaks down top predictions for GenAI’s transformative impact on operations and innovation in 2025.
Gencore AI and Amazon Bedrock View More
January 7, 2025
Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock
Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...
DSPM Vendor Due Diligence View More
November 18, 2024
DSPM Vendor Due Diligence
DSPM’s Buyer Guide ebook is designed to help CISOs and their teams ask the right questions and consider the right capabilities when looking for...
What's
New