Securiti PrivacyOps Named a Leader in The Forrester WaveTMDownload Now
Published on December 27, 2021 AUTHOR - PRIVACY RESEARCH TEAM
In November 2021 His Highness Sheikh Khalifa bin Zayed Al Nahyan, the President of the United Arab Emirates, approved Federal Decree-Law No 45 2021 on Protection of Personal Data (PDPL).Its purpose is in line with several other data protection laws that have been drafted and enacted in other parts of the world. It is a comprehensive law that deals with data privacy and the rights of UAE citizens over how they choose to share their data with data handlers.
The law is part of the UAE’s grander “Principles of the 50” - a charter of 10 strategic principles meant to be implemented within the kingdom in the next 50 years to ensure social, political, and economic stability.
Like the GDPR, the PDPL is explicit in singling out which businesses are supposed to comply with the legislation.
As per Article 2(1) of the PDPL, all businesses registered in the UAE that are processing personal data of data subjects inside or outside the UAE are supposed to comply with the PDPL. Moreover, companies that are collecting data on UAE residents on behalf of other organisations have to follow this law just the same.
Under Article 2(2), there are certain entities exempt from the provisions of the new law, such as government data, public entities’ data, health and credit data subject to their own dedicated legislation, and most importantly, entities established within the free zones such as the DIFC and ADGM that have their own data protection laws.
Businesses that are part of the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM) free zones but process data on behalf of companies that are not a part of the DIFC and ADGM are also covered by the law in limited cases.
The PDPL is explicit in protecting all data subjects’ collected personal and sensitive data. The following data is covered under the UAE’s new data protection law:
Under the new PDPL, all users, or data subjects in UAE have certain rights that a data handler is required to ensure under any and all circumstances. These include:
This is arguably the most ambiguous part of the new PDPL. Unlike most data protection laws, the PDPL is not explicit about what penalties will be imposed on companies that are found to be non-compliant with the provisions of the new law.
As things stand, the Council of Ministers and the courts will recommend appropriate administrative fines for any business found breaching any of the new law’s provisions. There are plans to introduce standardized penalties for such breaches via Executive Regulation that will be carried out by the UAE Data Office once the law officially comes into effect on January 2, 2022.
For the detailed understanding of the UAE’s PDPL, please also refer to our comprehensive article on the PDPL here.
Users across the world are becoming increasingly conscious and vocal about their rights to data privacy and data protection. Naturally, legislations are being drafted globally that would mandate businesses to undertake proactive measures to ensure all data collected on data subjects is not only protected but also gained with appropriate consent.
Simultaneously, the sheer volume of data being processed renders it necessary for businesses to turn towards automated solutions to guarantee compliance with the various data protection laws globally.
Securiti prides itself on its pioneer data-driven PrivacyOps framework that offers multiple artificial intelligence and machine learning-powered tools meant to ensure data compliance for businesses of all sizes. Request a demo today to see these tools in action and see for yourself how Securiti can help you achieve PDPL compliance at the click of a button.
December 24, 2021
The United Arab Emirates (UAE) recently passed the Federal Decree-Law No. 45 of 2021 on Protection of Personal Data (PDPL) in November 2021. The PDPL acts as the primary federal legislation dealing with data privacy and data protection...
July 20, 2020
In this era where data privacy regulations are sprouting up almost daily, another city has taken data privacy rights into consideration and devised a law that resembles the likes of GDPR. In 2004, Dubai’s International Financial Centre (DIFC),...
PO Box 13039,
Coyote CA 95013