IDC Names Securiti a Worldwide Leader in Data Privacy


UAE Central Bank CPR and CPS

Operationalize CPR & CPS Compliance with PrivacyOps Platform

Last Updated on November 20, 2023

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


The Consumer Protection Regulation (Circular No. 8/2020) (CPR) was issued by the Central Bank of the United Arab Emirates on December 31, 2020. Licensed financial institutions governed by the UAE’s Central Bank must adhere to the CPR and the related Consumer Protection Standards (CPS) when handling consumer data.

The CPR imposes various standards concerning conduct, data protection, governance and oversight, responsible lending practices, information and transparency, barriers to competition and access to services, complaints handling, and public awareness.

The CPR and CPS require licensed financial institutions to commit more resources to consumer data protection and implement improved security measures, giving the financial sector an improved overhaul.

Additionally, the CPR and CPS require institutions to design and implement a compliance program with organizational, technical, procedural, and documentary aspects and ensure that it is communicated to and followed by staff.

The Solution

Securiti enables organizations to comply with the Central Bank of UAE's Consumer Protection Regulations (CPR) & Consumer Protection Standards (CPS) through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

UAE CPR & CPS Regulation Solution

See how our comprehensive platform helps you comply with various sections of the Central Bank of UAE's Consumer Protection Regulations (CPR) & Consumer Protection Standards (CPS).

Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.


Automate the Processing of Rectification Requests

CPS Article:

Seamlessly fulfill data rectification requests with the help of automated data subject verification workflows across all appearances of a subject’s personal data.

data rectify request
Universal Consent Management

Monitor and Track Consent

CPR Article:
CPS Articles:, 6.1.3

Securiti's Consent Management Platform enables organizations to obtain end-users' consent for data access, retrieval, and advertising purposes. It allows consent management as per the requirements of the CPR and CPS.

Automate Data Breach Response Notifications

CPR Articles:,
CPS Articles:,

Automates compliance actions and breach notifications to concerned stakeholders concerning security and data breach incidents by leveraging a knowledge database on security and data breach incident diagnosis and response.

breach response notification
Data Flow Mapping

Map Data Flows and Data Sharing

CPS Article:

Securiti allows organizations to discover and protect large datasets via automated data mapping and data discovery. Effective and automated data mapping helps match personal data with its correct owners in all structured and unstructured data systems.

Manage Vendor Risk

CPS Article:

Track, manage, and monitor the privacy and security readiness of vendors from a single interface. Collaborate instantly, automate data requests and deletions, and manage all vendor contracts and compliance documents.

Vendor Risk Management
Privacy Policy creation And Management

Privacy Policy and Notice Management

CPR Article:
CPS Articles:,

Automatically update and refresh your privacy policies and notices. Build and publish a privacy notice with pre-built templates.

Data Security Posture Management

CPR Articles:,
CPS Articles:,,,, 6.1.7

Securiti's Data Intelligence enables organizations to identify emerging risk areas and implement security controls. This ultimately enables gatekeeper organizations to facilitate access to data in real-time utilizing appropriate technical measures.

Data Risk Assessment Automation
Central Bank of UAE’s Consumer Protection Regulations (CPR) & Consumer Protection Standards (CPS)

Data Access Intelligence & Controls

CPS Article:

Visibility of an identity/role’s access to sensitive data and policy-based controls on an identity/role’s access to data.

Key CPR & CPS Requirements for Financial Institutions

CPR and CPS lay out the following key requirements for licensed financial institutions.

Consumers must be informed in writing of their rights, how their personal data will be used, including disclosures and profiling activities, and what will happen if they refuse to submit the required personal data.

Financial institutions must have multi-channel security where each distribution channel needs to be secure and private.

For effective data management, financial institutions must have a robust system of checks and balances, policies, procedures, and system controls.

Financial institutions must develop employee training and awareness programs on their control framework and ensure that staff receives at least yearly reminders of the need to protect personal information.

Access to customer data should be restricted to authorized personnel and business lines. A log of access to customer data must be kept and made available to the Central Bank upon request; the log must specify which staff members accessed customer data and when.

Before customer data is provided to a third party or used for direct marketing, informed and explicit consent must be obtained. If the consent is for direct marketing, the record of consent must be kept for 5 years following the end of the customer connection.

When sharing data with third parties, the transferring of data to other parties must employ the use of encryption techniques.

Quick Facts about CPR & CPS

Here are some important facts to know about the CPR & CPS:


Financial institutions must create a division to handle consumer data protection.


Financial institutions must set aside additional resources, such as hiring personnel whose sole duty is ensuring procedures are best suited to safeguarding customer data.


Financial institutions must notify the Central Bank of substantial consumer data breaches and the relevant consumer if there is a risk to their financial and personal security.


Financial institutions should set up procedures for breach situations, such as specifying who is responsible for reporting the breach and giving personnel sample forms to explain the circumstance.


Financial institutions are responsible for implementing adequate security measures to safeguard the customer data they store.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report