Securiti Named a 2022 Cool Vendor in Data Security by GartnerDownload Now
UAE's Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE’s PDPL) takes into effect on Jan 2, 2022. Start your compliance process within 24 hours with Securiti.
On November 28th, 2021, the UAE Cabinet enacted the Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data. The UAE’s PDPL applies to the processing of personal data, by wholly or partly automated means, or any other means, by any data controller or data processor within the UAE processing the personal data of UAE’s residents who are within or outside of the UAE. UAE’s PDPL also applies to data controllers or data processors who are not established in UAE but process the personal data of residents of UAE.
UAE’s PDPL will take into effect on 02 January 2022, and will be supplemented by the issuance of a set of Executive Regulations which will be published in March 2022. Organizations will have a further six months from the date on which the Executive Regulations are issued in order to comply with the PDPL.
However, this date may be extended at the discretion of the UAE Cabinet.
Securiti empowers organizations across the globe to ensure smooth compliance with UAE’s Personal Data Protection Law with its AI-driven data discovery, DSR automation, universal consent management, autonomous documented accountability, data breach management, and vendor risk assessment functionality.
Securiti enables enterprises and supports them in their journey towards compliance
with UAE’s Personal Data Protection Law through automation, enhanced data visibility, and identity linking.
See how our comprehensive PrivacyOps platform helps you comply with various sections of UAE’s Personal Data Protection Law.
Articles: 1, 2, 5, 7, 10-12, 20
With the help of our multi-regulation, collaborative, and readiness assessment system, you can gauge your organization's posture against UAE’s PDPL requirements, identify the compliance gaps, and address the risks. Seamlessly being able to expand assessment capabilities across your vendor ecosystem to maintain compliance against the UAE’s PDPL.
Data subjects have several rights instituted under the UAE’s PDPL. To fulfill these rights under the UAE’s PDPL, organizations must have a well-organized and modern platform to cater to verified DSR requests.
Articles: 13, 14
Conveniently disclose the required information to the data subjects free of charge via the secure, centralized portal. Automating the delivery and generation of secure data access reports minimizes the risk of any compliance violations.
Seamlessly fulfill all data rectification requests with automated data subject verification and rectification workflows across all appearances of a data subject’s personal data.
Erase, destroy or anonymize a data subject’s requests via automated and flexible workflows.
Articles: 16, 17, 18
Create a framework for restriction and objection of processing handling based on business requirements, with collaborative workflows.
Articles: 4, 6, 16(3)
Routinely monitor and track consent of data subjects to prevent any illegal transfer or processing of data without the data subject’s consent. Continuously validate consent compliance to regulators and data subjects for swift action.
Articles: 22, 23, 7(4), 8(7)
Instantly trace, manage, and monitor data flows on a single interface. Get comprehensive visibility by generating reports of all data points, cross-border data transfers, vendor contracts, and compliance records.
Conduct automated, mandatory Data Protection Impact Assessments and other Risk Assessments to evaluate processing activities. Collaborate and track all internal assessments in one place.
Automate compliance actions and breach notifications to concerned stakeholders regarding any security incidents by leveraging a knowledge database on security incident diagnosis and response.
Articles: 7(5), 8
Keep track of privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests and deletions, and manage all vendor contracts and compliance documents.
Articles: 4, 6, 16(3)
Automatically scan the web properties within your organization, categorizing tags and cookies. Also, build customizable cookie banners, collect consent, and provide a preference center.
Articles: 5(1), 13(2)
Articles: 5, 7(2)
Keep a birds-eye view of potential risks against non-compliance to data subjects’ rights by routinely monitoring and scanning personal data.
Right to access information: The data subject has the right to obtain the information regarding the processing of his/her personal data by submitting a request to the data controller.
Right to request personal data portability: A data subject has the right to receive his personal data in a structured and machine-readable format. A data subject has the right to transfer his/her personal data from one data controller to another data controller, wherever technically feasible.
Right to rectification or erasure of personal data: The data subject will have the right to rectify any inaccurate of his/her personal information and the right to require the data controller to erase his/her personal information.
Right to stop or restrict the processing: A data subject has the right to require the data controller to restrict and stop the processing of their personal information.
Right to object to automated processing: A data subject has the right to object to automated decision-making that has legal implications or serious effects, including profiling.
This will be the first federally applicable data protection law in the UAE.
The UAE’s PDPL does not apply to government data, public entities, the processing of personal data for personal use, health or credit data governed by their own respective legislation.
The UAE’s PDPL does not apply to organizations established in free zones with their own personal data protection laws.
Violating the UAE’s PDPL may end up costing companies huge sums of money. The level of sanctions will be specified in subsequent executive regulations, including any administrative penalties that may be imposed.
A UAE Data Office will be established to regulate the implementation of UAE’s PDPL.
Personal data may be transferred outside the UAE to states or territories that offer an adequate level of protection but are subject to the approval of the UAE Data Office.
The law is part of the UAE’s strategic principles meant to be implemented within the kingdom in the next 50 years to ensure social, political, and economic stability.Learn More
PO Box 13039,
Coyote CA 95013