The new DIFC Data Protection Law (No. 5 of 2020) (the “DPL”) and Data Protection Regulations (the “Regulation”) came into force on 1 July 2020, replacing Data Protection Law (No. 1 of 2007) (the “Old Law”). The DPL adopts best practice standards from around the world and is consistent with OECD Guidelines and EU regulations, namely the General Data Protection Regulation (“GDPR”).
The DPL is a comprehensive piece of legislation, governing the collection, processing, storage and use of Personal Data in the DIFC. Those familiar with data protection laws in other jurisdictions will no doubt recognise and be familiar with some of the changes, in particular the enhanced protections given to Data Subjects.
The DPL also considers the impact of emerging technologies on data use, movement and protection. This is an important development given the number of businesses to which the DPL will apply who are beginning to, if they are not already, using emerging technologies (such as coding and blockchain) in their day to day business.
The Office of the Data Commissioner in the DIFC (the “Commissioner”) has announced that businesses have until 1 October 2020 to ensure they are operating in compliance with the DPL. This briefing looks at the key changes made by the DPL, as compared to the Old Law, what businesses need to be considering in the lead up to 1 October 2020 and the consequences if compliance is not met.
If you require any assistance reviewing your policies and procedures for compliance before 1 October 2020, please contact us on the details below.