'Most Innovative Startup 2020' by RSA - Watch the videoLearn More
The United Arab Emirates (UAE) has a Federal Telecommunication Law ( Federal Law) which requires that a company must hold a license in order to provide public communications services and operate public telecommunication networks. Under this Federal Law, a Telecommunication Regulatory Authority (TRA) was established which regulates the telecommunication sector in the UAE. The TRA is involved in ensuring cybersecurity and hosting the UAE's Computer Emergency Response Team. The TRA also actively regulates consumer protection and has recently issued an updated Consumer Protection Regulations (CPR). The CPR has few provisions that directly relates to the data privacy of subscribers to telecommunication services. Under the CPR, a licenced company shall take all reasonable measures to protect the privacy of the subscriber’s information that it maintains in its files, whether in electronic or paper form. Furthermore, licensees shall use reliable security measures against risks such as loss or unauthorised access, destruction, leakage, inappropriate use, modification and/or unauthorised disclosure.
Securiti enables organizations to comply with the TRA CPR through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
See how our comprehensive PrivacyOps platform helps you comply with various sections of the TRA CPR.
TRA CPR Section: 18
Keep track of risks against non-compliance to privacy provisions by continuously monitoring and scanning data.
Discover personal data stored across all your internal and external systems within the organization and link them back to a unique data subject. Also, visualize personal data sprawl and identify compliance risks.
TRA CPR Sections: 18.5
Track and honor consent and consent revocation as well as any changes to individual’s preferences concerning the use of their personal data to prevent the transfer or processing of data without their consent.
TRA CPR Sections: 15.1, 15.2, 18
Measure your organization’s posture against TRA CPRrequirements with the help of our multi-regulation, collaborative, readiness, and data protection impact assessment system. It allows you to identify gaps in compliance and address the risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance against TRA CPR requirements.
TRA CPR Section: 18, 20.10
Track data flows in your organizations by having a centralized catalogue of internal data process flows as well as flows for data transfer to service providers and other third parties. Maintaining updated records of data processing activities enables you to demonstrate compliance with the applicable legal requirements.
TRA CPR Sections: 18.8
Track, manage and monitor privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests, and manage all vendor contracts and compliance documents.
On 30th September 2020, the Central Bank of UAE issued a new Stored Value Facilities Regulation (the “ SVF Regulation”) to support the development of digital payment services in the UAE. The SVF Regulation was designed to facilitate access to the UAE market for SVF providers, Payment Service Providers (PSPs) and FinTech Firms, whilst continuing to protect customer interests, ensuring proper business practices and supporting the development of payment products and services in the UAE.
There are few sections under the SVF Regulation that prescribes the data protection requirements for the SVF licensees. The SVF Regulation requires that an SVF licensee must adequately protect customer’s data which are required to be stored and maintained in the UAE. It also prescribes that an SVF licensee must store and retain all customer and transaction data for a period of five years from the date of the creation of the customer data, or longer if required by other laws.
Furthermore, the SVF licensees must also have adequate policies, procedures and measures in place to protect their information and accounting systems, databases, and other records and documents from unauthorized access, unauthorized retrieval, tampering and misuse.
See how the comprehensive PrivacyOps framework can help you comply with various sections of the CBUAE SVF Regulation
Articles: 2, 3(5)(6), 8(1), 9(10), 10(5)(6), 12, 13(7.4)
With the help of our multi-regulation, collaborative, readiness, and privacy impact assessment system, you can gauge your organization's posture against the CBUAE SVF Regulation requirements, identify the gaps, and address the risks. Seamlessly being able to expand assessment capabilities across your vendor ecosystem to maintain compliance against the regulation.
Article: 8(1), 9(10), 10(5), 12
Keep track of risks involved by continuously scanning and monitoring data against non-compliance to the protection of data, security controls, or data residency.
Articles: 3(5)(6), 8(1)(14)(15), 12(43-47), 13(7.4)
Keep track of privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate deletion requests, and manage all vendor contracts and compliance documents.
Track data flows in your organizations, trace this data, catalogue, transfer, and document business process flows internally and to service providers or third parties.
Automate compliance actions and breach notifications to concerned stakeholders with regards to security incidents by leveraging a knowledge database on security incident diagnosis and response.
The multi-disciplinary practice to grow trust-equity of your brand and comply with privacy regulations.Get the Book
“By leveraging the PrivacyOps constructs from this book across our organization we were able to not only save time and money but also mitigate the risks associated with manual methods of privacy management.”
- Marty Collins, Chief Privacy and Legal Officer, QuinStreet, Inc