UAE's Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE’s PDPL)
Operationalize PDPL Compliance with PrivacyOps Platform
Last Updated on April 27, 2023
Privacy Center
Fully Functional In Minutes
Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.
Email already in use
Looks like this email is already registered with an existing account.
Unexpected error occurred
Looks like there was an error completing your request, Please contact us here for further support.
Please do not close this window while we process your request
On November 28th, 2021, the UAE Cabinet enacted the Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data. The UAE’s PDPL applies to the processing of personal data, by wholly or partly automated means, or any other means, by any data controller or data processor within the UAE processing the personal data of UAE’s residents who are within or outside of the UAE. UAE’s PDPL also applies to data controllers or data processors who are not established in UAE but process the personal data of residents of UAE.
UAE’s PDPL will take into effect on 02 January 2022, and will be supplemented by the issuance of a set of Executive Regulations which will be published in March 2022. Organizations will have a further six months from the date on which the Executive Regulations are issued in order to comply with the PDPL.
However, this date may be extended at the discretion of the UAE Cabinet.
The solution
Securiti empowers organizations across the globe to ensure smooth compliance with UAE’s Personal Data Protection Law with its AI-driven data discovery, DSR automation, universal consent management, autonomous documented accountability, data breach management, and vendor risk assessment functionality.
Securiti enables enterprises and supports them in their journey towards compliance
with UAE’s Personal Data Protection Law through automation, enhanced data visibility, and identity linking.
See how our comprehensive PrivacyOps platform helps you comply with various sections of UAE’s Personal Data Protection Law.
Assess UAE's PDPL Readiness
Articles: 1, 2, 5, 7, 10-12, 20
With the help of our multi-regulation, collaborative, and readiness assessment system, you can gauge your organization's posture against UAE’s PDPL requirements, identify the compliance gaps, and address the risks. Seamlessly being able to expand assessment capabilities across your vendor ecosystem to maintain compliance against the UAE’s PDPL.
Automate consumer data request handling
Article: 19
Data subjects have several rights instituted under the UAE’s PDPL. To fulfill these rights under the UAE’s PDPL, organizations must have a well-organized and modern platform to cater to verified DSR requests.
Secure fulfillment of data access requests
Articles: 13, 14
Conveniently disclose the required information to the data subjects free of charge via the secure, centralized portal. Automating the delivery and generation of secure data access reports minimizes the risk of any compliance violations.
Automate the processing of rectification requests
Article: 15(1)
Seamlessly fulfill all data rectification requests with automated data subject verification and rectification workflows across all appearances of a data subject’s personal data.
Automate erasure/destroy/anonymize requests
Articles: 15(2)(3)
Erase, destroy or anonymize a data subject’s requests via automated and flexible workflows.
Automate object and restriction of processing requests
Articles: 16, 17, 18
Create a framework for restriction and objection of processing handling based on business requirements, with collaborative workflows.
Monitor and track consent
Articles: 4, 6, 16(3)
Routinely monitor and track consent of data subjects to prevent any illegal transfer or processing of data without the data subject’s consent. Continuously validate consent compliance to regulators and data subjects for swift action.
Map data flows (cross border data transfers) and generate RoPA reports
Articles: 22, 23, 7(4), 8(7)
Instantly trace, manage, and monitor data flows on a single interface. Get comprehensive visibility by generating reports of all data points, cross-border data transfers, vendor contracts, and compliance records.
Automate DPIAs and risk assessments
Article: 21
Conduct automated, mandatory Data Protection Impact Assessments and other Risk Assessments to evaluate processing activities. Collaborate and track all internal assessments in one place.
Automate data breach response notifications
Article: 9
Automate compliance actions and breach notifications to concerned stakeholders regarding any security incidents by leveraging a knowledge database on security incident diagnosis and response.
Manage vendor risk
Articles: 7(5), 8
Keep track of privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests and deletions, and manage all vendor contracts and compliance documents.
Meet cookie compliance
Articles: 4, 6, 16(3)
Automatically scan the web properties within your organization, categorizing tags and cookies. Also, build customizable cookie banners, collect consent, and provide a preference center.
Privacy policy and notice management
Articles: 5(1), 13(2)
Use expert-made jurisdiction-specific templates with built-in integration with the rest of your privacy stack to automate updates to the privacy policy & notice by tracking changes in cookie consent, universal consent, data processing, and data subject rights activities.
Continuous monitoring and tracking
Articles: 5, 7(2)
Keep a birds-eye view of potential risks against non-compliance to data subjects’ rights by routinely monitoring and scanning personal data.
Data Subject Rights Under UAE’s Personal Data Protection Law
Right to access information: The data subject has the right to obtain the information regarding the processing of his/her personal data by submitting a request to the data controller.
Right to request personal data portability: A data subject has the right to receive his personal data in a structured and machine-readable format. A data subject has the right to transfer his/her personal data from one data controller to another data controller, wherever technically feasible.
Right to rectification or erasure of personal data: The data subject will have the right to rectify any inaccurate of his/her personal information and the right to require the data controller to erase his/her personal information.
Right to stop or restrict the processing: A data subject has the right to require the data controller to restrict and stop the processing of their personal information.
Right to object to automated processing: A data subject has the right to object to automated decision-making that has legal implications or serious effects, including profiling.
Quick Facts about UAE’s Personal Data Protection Law
This will be the first federally applicable data protection law in the UAE.
The UAE’s PDPL does not apply to government data, public entities, the processing of personal data for personal use, health or credit data governed by their own respective legislation.
The UAE’s PDPL does not apply to organizations established in free zones with their own personal data protection laws.
Violating the UAE’s PDPL may end up costing companies huge sums of money. The level of sanctions will be specified in subsequent executive regulations, including any administrative penalties that may be imposed.
A UAE Data Office will be established to regulate the implementation of UAE’s PDPL.
Personal data may be transferred outside the UAE to states or territories that offer an adequate level of protection but are subject to the approval of the UAE Data Office.
Other Resources
A brief intro UAE PDPL
On November 28th, 2021, the UAE Cabinet enacted the Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data.
Learn More
UAE Data Protection Law Compliance Checklist
A checklist for companies regarding the new PDPL Law in UAE for compliance.
Learn More
What You Need to Know About the UAE Data Protection Law
The law is part of the UAE’s strategic principles meant to be implemented within the kingdom in the next 50 years to ensure social, political, and economic stability.
Learn MoreAt Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
Newsletter
Resources
Get in touch
[email protected]
300 Santana Row Suite 450. San Jose,
CA 95128
