UAE - Federal | DataGuidance

UAE - Federal

Summary

Law: Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data ('the Law')

Regulator: UAE Data Office (not yet operational)

Summary: On 28 November 2021, the UAE Cabinet announced that it had enacted the Law regarding the protection of personal data, as issued on 20 September 2021. The Law covers the processing of personal data belonging to data subjects within the UAE, regardless of the location of the data controller or data processor. In addition, the Law outlines the conditions for consent, several data subject rights, as well as comprehensive requirements for controllers and processors, such as mandatory breach notification, the appointment of data protection officers, and the implementation of technical and organisational measures to support data security.

The Law entered into effect on 2 January 2022 and the Executive Regulations are expected within six months from the Law's date of issuance (March 2022). Notably, companies must comply with the Law six months from the publication of the Executive Regulations. However, the Law does not apply to public entities or free zones in the UAE with their own data protection legislation (notably the DIFC and ADGM), nor does it apply to health or credit data governed by existing sectoral legislation. Furthermore, it repeals all laws which conflict with its provisions.

Browse more content in UAE - Federal

All Guidance Notes

All News

All Insights

News

27 February 2024

International: UAE AI Office signs agreement with UNDP to promote the adoption of AI

27 February 2024

International: UAE signs MoUs with Austria, Mongolia, and Colombia to promote AI

13 October 2023

UAE: Artificial Intelligence Office publishes Responsible Metaverse Self-Governance Framework white paper

14 December 2022

International: US and UAE collaborate on digital economy

06 June 2022

International: Canada OPC signs MoU with ADGM Commissioner

09 February 2022

UAE: TDRA launches Digital Verification Platform in stride towards developing digital services

30 December 2021

UAE: CBUAE imposes AED 352,000 fine on exchange house for its failure to achieve timely compliance with AML/CFT

14 December 2021

UAE: CBUAE imposes monitoring followed by AED 19.5M fine on UAE bank

14 December 2021

UAE: Central Banks of UAE and Iraq sign MoU to enhance cooperation on banking supervision

29 November 2021

UAE: UAE enacts new Federal Law on Protection of Personal Data as part of legislative reform package

22 November 2021

UAE: CBUAE issues guidance on AML/CFT for licensed exchange houses

15 November 2021

UAE: CBUAE, SCA, DFSA, and FSRA issue guidelines for financial institutions adopting enabling technologies

Insights

March 2024

UAE: An overview of direct marketing requirements

The term 'direct marketing' refers to business practices whereby businesses sell, promote, or advertise their products or services directly to members of the public through means such as SMS, telephone, or email. In the UAE, there is a range of spam and privacy legislation and regulations that specifically restrict direct marketing practices. The UAE has a multi-territorial, multi-jurisdictional legal system that encompasses the federal legislature as well as so-called 'free zones,' which are special economic zones with their own company and commercial laws specifically applicable for companies incorporated within the respective free zone. Nick O'Connell, Andrew Fawcett, and Darya Ghasemzadeh, from Al Tamimi & Company, provide an overview of the federal regulations, as well as specific legislation in some of the UAE's free zones.

January 2023

UAE: Data Protection in the Financial Sector

January 2023

UAE: Health and Pharma Overview

April 2022

UAE: What the new data protection law means for companies within the UAE - Part two

The Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data ('the Law') became effective on 2 January 2022, and it is the UAE's first federally applicable, General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') style data protection law. The Law follows key international data protection principles and best practices, such as those found within the GDPR, and marks a positive step towards greater data protection harmonisation with international standards that is a necessity in today's interconnected age, which is characterised by cross border data flows on an international level. In part two of this series on the Law, Andrew Fawcett and Darya Ghasemzadeh, from Al Tamimi & Company, discuss some of the data subject rights under the Law, as well as its provisions on the role of a data protection officer ('DPO') and cross-border data transfers.

April 2022

UAE: What the new data protection law means for companies within the UAE - Part one

The Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data ('the Law') became effective on 2 January 2022, and it is the UAE's first federally applicable, General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') style data protection law. The Law follows key international data protection principles and best practices, such as those found within the GDPR, and marks a positive step towards greater data protection harmonisation with international standards that is a necessity in today's interconnected age, which is characterised by cross border data flows on an international level. In part one of this two-part series on the Law, Andrew Fawcett and Darya Ghasemzadeh, from Al Tamimi & Company, provide an introduction to the provisions and scope of the Law, as well as the establishment of the UAE Data Office.

November 2021

UAE: New Federal Law on Protection of Personal Data - What you need to know

As part of the UAE's comprehensive 'Year of the 50^th' legislative reform¹, which either amends or enacts over 40 further laws with the aim of boosting the economic competitiveness of the UAE, the UAE Cabinet ('the Cabinet') issued, on 20 September 2021, its awaited Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data ('the Law'). Marked as one of the first projects of its legislative reform, the Law will come into effect and be published in the Official Gazette² on 2 January 2022 as outlined in Article 31 of the Law, kicking off the transition period for organisations. This Insight article aims to provide a breakdown of the key obligations under the Law, with accompanying analysis on the impact of the Law for key stakeholders in the UAE from Dale Waterman, Managing Director for the Middle East and North Africa at Breakwater Solutions.

October 2021

UAE: Data protection requirements in the CBUAE Consumer Protection Regulations and Standards

The Central Bank of the United Arab Emirates ('CBUAE') announced¹, on 1 February 2021, that it had issued the Consumer Protection Regulation ('CPR')², as part of its Financial Consumer Protection Regulatory Framework and under its mandate to establish regulations for the protection of customers of all licensed financial institutions ('LFIs') under the Decretal Federal Law No. 14 of 2018 Regarding the Central Bank and Organisation of Financial Institutions and Activities. The CPR is supported by the Consumer Protection Standards³ ('the Standards') which define regulatory requirements to ensure consistent interpretation and implementation of the CPR principles.

This Insight will outline some of the data protection and privacy related requirements included within the CPR and the Standards which LFIs will need to comply with before 31 December 2021.

UAE - Federal

Summary

Browse more content in UAE - Federal

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us