IDC Names Securiti a Worldwide Leader in Data Privacy

View
Contact Us Schedule a Demo

Overview of UAE Data Protection Law

What You Need to Know About the UAE Data Protection Law
By Securiti Research Team
Published December 27, 2021 / Updated August 18, 2023

In November 2021 His Highness Sheikh Khalifa bin Zayed Al Nahyan, the President of the United Arab Emirates, approved Federal Decree-Law No 45 2021 on Protection of Personal Data (PDPL).Its purpose is in line with several other data protection laws that have been drafted and enacted in other parts of the world. It is a comprehensive law that deals with data privacy and the rights of UAE citizens over how they choose to share their data with data handlers.

The law is part of the UAE’s grander “Principles of the 50” - a charter of 10 strategic principles meant to be implemented within the kingdom in the next 50 years to ensure social, political, and economic stability.

Who’s Supposed To Comply

Like the GDPR, the PDPL is explicit in singling out which businesses are supposed to comply with the legislation.

As per Article 2(1) of the PDPL, all businesses registered in the UAE that are processing personal data of data subjects inside or outside the UAE are supposed to comply with the PDPL. Moreover, companies that are collecting data on UAE residents on behalf of other organisations have to follow this law just the same.

Under Article 2(2), there are certain entities exempt from the provisions of the new law, such as government data, public entities’ data, health and credit data subject to their own dedicated legislation, and most importantly, entities established within the free zones such as the DIFC and ADGM that have their own data protection laws.

Businesses that are part of the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM) free zones but process data on behalf of companies that are not a part of the DIFC and ADGM are also covered by the law in limited cases.

What Data Is Covered?

The PDPL is explicit in protecting all data subjects’ collected personal and sensitive data. The following data is covered under the UAE’s new data protection law:

  • Name
  • Voice
  • Picture
  • Identification number
  • Race
  • Ethnicity
  • Religion
  • Sexual preference
  • Biometric data
  • Criminal record
  • Health records
  • Geographical location

What Rights Do Data Subjects Have?

Under the new PDPL, all users, or data subjects in UAE have certain rights that a data handler is required to ensure under any and all circumstances. These include:

Right to Access Information

All data subjects have the right to know what data or information a business has collected on them. Similarly, the data subject can request to know why the data was collected, where the data is stored, what safety precautions are being taken to protect their data, and what actions will be taken in the event of a data breach.

Right to Data Portability

Similar to having the right to access their information, all data subjects have the right to receive any and all such information in an easy-to-read and transferable format that can be easily accessed across all major platforms and mediums.

Right to Restricting Processing

All data subjects have the right to restrict any business from processing any further data related to them. It is the business's responsibility to ensure no further data is collected on the data subject  once they have exercised this claim.

Right to Erasure of Data

All data subjects have the right to request any business to delete any and all data that may have been collected on the data subject.

Right to Object to Automated Processing

All data subjects have the right to restrict a business from using any and all data collected on the data subject to aid automated decision-making that may affect the data subject.

Right to Rectification

All data subjects have the right to request a data handler to change, amend, or modify data collected on data subjects in case it is outdated, incomplete, or incorrect.

Penalties For Non-Compliance

This is arguably the most ambiguous part of the new PDPL. Unlike most data protection laws, the PDPL is not explicit about what penalties will be imposed on companies that are found to be non-compliant with the provisions of the new law.

As things stand, the Council of Ministers and the courts will recommend appropriate administrative fines for any business found breaching any of the new law’s provisions. There are plans to introduce standardized penalties for such breaches via Executive Regulation that will be carried out by the UAE Data Office once the law officially comes into effect on January 2, 2022.

For a detailed understanding of the UAE’s PDPL, please also refer to our comprehensive article on the PDPL here.

How Can Securiti Help?

Users across the world are becoming increasingly conscious and vocal about their rights to data privacy and data protection. Naturally, legislations are being drafted globally that would mandate businesses to undertake proactive measures to ensure all data collected on data subjects is not only protected but also gained with appropriate consent.

Simultaneously, the sheer volume of data being processed renders it necessary for businesses to turn towards automated solutions to guarantee compliance with the various data protection laws globally.

Securiti prides itself on its pioneer data-driven PrivacyOps framework that offers multiple artificial intelligence and machine learning-powered tools meant to ensure data compliance for businesses of all sizes. Request a demo today to see these tools in action and see for yourself how Securiti can help you achieve PDPL compliance at the click of a button.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox

Share

More Stories that May Interest You

New Dubai Data Protection Law View More

July 18, 2023

New Dubai Data Protection Law

In this era where data privacy regulations are sprouting up almost daily, another city has taken data privacy rights into consideration and devised a...

South Africa’s POPIA View More

December 27, 2021

UAE PDPL

UAE Personal Data Protection Law (PDPL) The UAE Cabinet issued its highly anticipated Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal...

UAE Data Protection Law Compliance Checklist View More

December 24, 2021

UAE Data Protection Law Compliance Checklist

The United Arab Emirates (UAE) recently passed the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) in November 2021....

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.

Copyright © 2023 Securiti · Sitemap · XML Sitemap

Newsletter

Company

Resources

Terms

Get in touch

[email protected]
300 Santana Row Suite 450. San Jose,
CA 95128

Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend