Securiti+Veeam Will Accelerate Safe Enterprise Al at Scale

View
Contact Us See a demo

UAE Central Bank CPR and CPS

Operationalize CPR & CPS Compliance with PrivacyOps Platform

Last Updated on November 20, 2023

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

See a demo
Schedule your demo today

The Consumer Protection Regulation (Circular No. 8/2020) (CPR) was issued by the Central Bank of the United Arab Emirates on December 31, 2020. Licensed financial institutions governed by the UAE’s Central Bank must adhere to the CPR and the related Consumer Protection Standards (CPS) when handling consumer data.

The CPR imposes various standards concerning conduct, data protection, governance and oversight, responsible lending practices, information and transparency, barriers to competition and access to services, complaints handling, and public awareness.

The CPR and CPS require licensed financial institutions to commit more resources to consumer data protection and implement improved security measures, giving the financial sector an improved overhaul.

Additionally, the CPR and CPS require institutions to design and implement a compliance program with organizational, technical, procedural, and documentary aspects and ensure that it is communicated to and followed by staff.

The Solution

Securiti enables organizations to comply with the Central Bank of UAE's Consumer Protection Regulations (CPR) & Consumer Protection Standards (CPS) through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

UAE CPR & CPS Regulation Solution

See how our comprehensive platform helps you comply with various sections of the Central Bank of UAE's Consumer Protection Regulations (CPR) & Consumer Protection Standards (CPS).

Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.

 

Automate the Processing of Rectification Requests

CPS Article: 6.1.5.2

Seamlessly fulfill data rectification requests with the help of automated data subject verification workflows across all appearances of a subject’s personal data.

UAE data rectify request
UAE Universal Consent Management

Monitor and Track Consent

CPR Article: 6.1.2.5
CPS Articles: 6.1.3.3, 6.1.3

Securiti's Consent Management Platform enables organizations to obtain end-users' consent for data access, retrieval, and advertising purposes. It allows consent management as per the requirements of the CPR and CPS.

Automate Data Breach Response Notifications

CPR Articles: 6.1.2.3, 6.1.2.4
CPS Articles: 6.1.2.5, 6.1.2.6

Automates compliance actions and breach notifications to concerned stakeholders concerning security and data breach incidents by leveraging a knowledge database on security and data breach incident diagnosis and response.

UAE breach response notification
UAE Data Flow Mapping

Map Data Flows and Data Sharing

CPS Article: 6.1.4.3

Securiti allows organizations to discover and protect large datasets via automated data mapping and data discovery. Effective and automated data mapping helps match personal data with its correct owners in all structured and unstructured data systems.

Manage Vendor Risk

CPS Article: 6.1.4.2

Track, manage, and monitor the privacy and security readiness of vendors from a single interface. Collaborate instantly, automate data requests and deletions, and manage all vendor contracts and compliance documents.

UAE Vendor Risk Management
UAE Privacy Policy creation And Management

Privacy Policy and Notice Management

CPR Article: 6.1.2.2
CPS Articles: 6.1.1.1, 6.1.3.6

Automatically update and refresh your privacy policies and notices. Build and publish a privacy notice with pre-built templates.

Data Security Posture Management

CPR Articles: 6.1.2.3, 6.2.2.5
CPS Articles: 6.1.1.2, 6.1.1.4, 6.1.1.6, 6.1.2.2, 6.1.7

Securiti's Data Intelligence enables organizations to identify emerging risk areas and implement security controls. This ultimately enables gatekeeper organizations to facilitate access to data in real-time utilizing appropriate technical measures.

UAE Data Risk Assessment Automation
UAE Data Access Intelligence

Data Access Intelligence & Controls

CPS Article: 6.1.1.10

Visibility of an identity/role’s access to sensitive data and policy-based controls on an identity/role’s access to data.

Key CPR & CPS Requirements for Financial Institutions

CPR and CPS lay out the following key requirements for licensed financial institutions.

Consumers must be informed in writing of their rights, how their personal data will be used, including disclosures and profiling activities, and what will happen if they refuse to submit the required personal data.

Financial institutions must have multi-channel security where each distribution channel needs to be secure and private.

For effective data management, financial institutions must have a robust system of checks and balances, policies, procedures, and system controls.

Financial institutions must develop employee training and awareness programs on their control framework and ensure that staff receives at least yearly reminders of the need to protect personal information.

Access to customer data should be restricted to authorized personnel and business lines. A log of access to customer data must be kept and made available to the Central Bank upon request; the log must specify which staff members accessed customer data and when.

Before customer data is provided to a third party or used for direct marketing, informed and explicit consent must be obtained. If the consent is for direct marketing, the record of consent must be kept for 5 years following the end of the customer connection.

When sharing data with third parties, the transferring of data to other parties must employ the use of encryption techniques.

Quick Facts about CPR & CPS

Here are some important facts to know about the CPR & CPS:

1

Financial institutions must create a division to handle consumer data protection.

2

Financial institutions must set aside additional resources, such as hiring personnel whose sole duty is ensuring procedures are best suited to safeguarding customer data.

3

Financial institutions must notify the Central Bank of substantial consumer data breaches and the relevant consumer if there is a risk to their financial and personal security.

4

Financial institutions should set up procedures for breach situations, such as specifying who is responsible for reporting the breach and giving personnel sample forms to explain the circumstance.

5

Financial institutions are responsible for implementing adequate security measures to safeguard the customer data they store.

Analyze this article with AI

ChatGPT Claude Perplexity Grok
Prompts open in third-party AI tools.
IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report
Please enter a minimum of 3 characters to begin your search.

Type

Videos
View More
January 20, 2025
Mitigating OWASP Top 10 for LLM Applications 2025
Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...
View More
January 15, 2025
Top 6 DSPM Use Cases
With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...
View More
January 2, 2025
Colorado Privacy Act (CPA)
What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...
View More
December 24, 2024
Securiti for Copilot in SaaS
Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...
View More
November 1, 2024
Top 10 Considerations for Safely Using Unstructured Data with GenAI
A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....
View More
October 29, 2024
Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes
As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...
View More
August 12, 2024
Navigating CPRA: Key Insights for Businesses
What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...
View More
June 3, 2024
Navigating the Shift: Transitioning to PCI DSS v4.0
What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...
View More
January 29, 2024
Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)
AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...
AWS Startup Showcase Cybersecurity Governance With Generative AI View More
October 17, 2023
AWS Startup Showcase Cybersecurity Governance With Generative AI
Balancing Innovation and Governance with Generative AI Generative AI has the potential to disrupt all aspects of business, with powerful new capabilities. However, with...

Spotlight Talks

Spotlight 50:52
From Data to Deployment: Safeguarding Enterprise AI with Security and Governance
Watch Now View
Spotlight 11:29
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Watch Now View
Spotlight 11:18
Rewiring Real Estate Finance — How Walker & Dunlop Is Giving Its $135B Portfolio a Data-First Refresh
Watch Now View
Spotlight 13:38
Accelerating Miracles — How Sanofi is Embedding AI to Significantly Reduce Drug Development Timelines
Sanofi Thumbnail
Watch Now View
Spotlight 10:35
There’s Been a Material Shift in the Data Center of Gravity
Watch Now View
Spotlight 14:21
AI Governance Is Much More than Technology Risk Mitigation
AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3
You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge
Watch Now View
Spotlight 47:42
Cybersecurity – Where Leaders are Buying, Building, and Partnering
Rehan Jalil
Watch Now View
Spotlight 27:29
Building Safe AI with Databricks and Gencore
Rehan Jalil
Watch Now View
Spotlight 46:02
Building Safe Enterprise AI: A Practical Roadmap
Watch Now View
Latest
View More
October 21, 2025
Securiti+Veeam Will Accelerate Safe Enterprise Al at Scale
We started Securiti Al with the strong conviction that in the Information Age, the Information aka Data, is the life blood of businesses and a unified platform was needed to provide all essential controls and deep intelligence around...
View More
October 16, 2025
DataAI Security for Financial Services: Turn Risk Into competitive Advantage
Financial services run on sensitive data. AI is now in fraud detection, underwriting, risk modelling, and customer service, raising both upside and risk. Institutions...
View More
October 13, 2025
Navigating China’s AI Regulatory Landscape in 2025: What Businesses Need to Know
A 2025 guide to China’s AI rules - generative-AI measures, algorithm & deep-synthesis filings, PIPL data exports, CAC security reviews with a practical compliance...
View More
October 7, 2025
All You Need to Know About Ontario’s Personal Health Information Protection Act 2004
Here’s what you need to know about Ontario’s Personal Health Information Protection Act of 2004 to ensure effective compliance with it.
The 5 Tenets of Modern DSPM for Financial Services View More
October 19, 2025
The 5 Tenets of Modern DSPM for Financial Services
Learn the 5 tenets of modern DSPM for financial services: continuous discovery, access governance, real-time risk visibility, automated remediation, and continuous compliance.
Maryland Online Data Privacy Act (MODPA) View More
October 6, 2025
Maryland Online Data Privacy Act (MODPA): Compliance Requirements Beginning October 1, 2025
Access the whitepaper to discover the compliance requirements under the Maryland Online Data Privacy Act (MODPA). Learn how Securiti helps ensure swift compliance.
DSPM vs Legacy Security Tools: Filling the Data Security Gap View More
September 30, 2025
DSPM vs Legacy Security Tools: Filling the Data Security Gap
The infographic discusses why and where legacy security tools fall short, and how a DSPM tool can make organizations’ investments smarter and more secure.
Operationalizing DSPM: 12 Must-Dos for Data & AI Security View More
September 22, 2025
Operationalizing DSPM: 12 Must-Dos for Data & AI Security
A practical checklist to operationalize DSPM—12 must-dos covering discovery, classification, lineage, least-privilege, DLP, encryption/keys, policy-as-code, monitoring, and automated remediation.
The DSPM Architect’s Handbook View More
June 16, 2025
The DSPM Architect’s Handbook: Building an Enterprise-Ready Data+AI Security Program
Get certified in DSPM. Learn to architect a DSPM solution, operationalize data and AI security, apply enterprise best practices, and enable secure AI adoption...
Gencore AI and Amazon Bedrock View More
January 7, 2025
Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock
Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...
What's
New