Securiti PrivacyOps Named a Leader in The Forrester WaveTM

Download Now

In November 2021 His Highness Sheikh Khalifa bin Zayed Al Nahyan, the President of the United Arab Emirates, approved Federal Decree-Law No 45 2021 on Protection of Personal Data (PDPL).Its purpose is in line with several other data protection laws that have been drafted and enacted in other parts of the world. It is a comprehensive law that deals with data privacy and the rights of UAE citizens over how they choose to share their data with data handlers.

The law is part of the UAE’s grander “Principles of the 50” - a charter of 10 strategic principles meant to be implemented within the kingdom in the next 50 years to ensure social, political, and economic stability.

Who’s Supposed To Comply

Like the GDPR, the PDPL is explicit in singling out which businesses are supposed to comply with the legislation.

As per Article 2(1) of the PDPL, all businesses registered in the UAE that are processing personal data of data subjects inside or outside the UAE are supposed to comply with the PDPL. Moreover, companies that are collecting data on UAE residents on behalf of other organisations have to follow this law just the same.

Under Article 2(2), there are certain entities exempt from the provisions of the new law, such as government data, public entities’ data, health and credit data subject to their own dedicated legislation, and most importantly, entities established within the free zones such as the DIFC and ADGM that have their own data protection laws.

Businesses that are part of the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM) free zones but process data on behalf of companies that are not a part of the DIFC and ADGM are also covered by the law in limited cases.

What Data Is Covered?

The PDPL is explicit in protecting all data subjects’ collected personal and sensitive data. The following data is covered under the UAE’s new data protection law:

  • Name
  • Voice
  • Picture
  • Identification number
  • Race
  • Ethnicity
  • Religion
  • Sexual preference
  • Biometric data
  • Criminal record
  • Health records
  • Geographical location

What Rights Do Data Subjects Have?

Under the new PDPL, all users, or data subjects in UAE have certain rights that a data handler is required to ensure under any and all circumstances. These include:

Right to Access Information

All data subjects have the right to know what data or information a business has collected on them. Similarly, the data subject can request to know why the data was collected, where the data is stored, what safety precautions are being taken to protect their data, and what actions will be taken in the event of a data breach.

Right to Data Portability

Similar to having the right to access their information, all data subjects have the right to receive any and all such information in an easy-to-read and transferable format that can be easily accessed across all major platforms and mediums.

Right to Restricting Processing

All data subjects have the right to restrict any business from processing any further data related to them. It is the business's responsibility to ensure no further data is collected on the data subject  once they have exercised this claim.

Right to Erasure of Data

All data subjects have the right to request any business to delete any and all data that may have been collected on the data subject.

Right to Object to Automated Processing

All data subjects have the right to restrict a business from using any and all data collected on the data subject to aid automated decision-making that may affect the data subject.

Right to Rectification

All data subjects have the right to request a data handler to change, amend, or modify data collected on data subjects in case it is outdated, incomplete, or incorrect.

Penalties For Non-Compliance

This is arguably the most ambiguous part of the new PDPL. Unlike most data protection laws, the PDPL is not explicit about what penalties will be imposed on companies that are found to be non-compliant with the provisions of the new law. 

As things stand, the Council of Ministers and the courts will recommend appropriate administrative fines for any business found breaching any of the new law’s provisions. There are plans to introduce standardized penalties for such breaches via Executive Regulation that will be carried out by the UAE Data Office once the law officially comes into effect on January 2, 2022.

For the detailed understanding of the UAE’s PDPL, please also refer to our comprehensive article on the PDPL here.

How Can Securiti Help? 

Users across the world are becoming increasingly conscious and vocal about their rights to data privacy and data protection. Naturally, legislations are being drafted globally that would mandate businesses to undertake proactive measures to ensure all data collected on data subjects is not only protected but also gained with appropriate consent.

Simultaneously, the sheer volume of data being processed renders it necessary for businesses to turn towards automated solutions to guarantee compliance with the various data protection laws globally. 

Securiti prides itself on its pioneer data-driven PrivacyOps framework that offers multiple artificial intelligence and machine learning-powered tools meant to ensure data compliance for businesses of all sizes. Request a demo today to see these tools in action and see for yourself how Securiti can help you achieve PDPL compliance at the click of a button.

Share this

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox

Related Content

Systems

Newsletter


Securiti PrivacyOps Named a Leader in The Forrester WaveTM

View