Dubai International Financial Centre updates its Data Protection Law

Dubai: A Data Protection Law for Dubai International Financial Centre (DIFC) – Law No. 5 – will come into effect July 1, with DIFC registered businesses having until October 1 to comply with it.

Until then, the Data Protection Law DIFC Law No. 1 of 2007, will remain in effect. The updated version was enacted by His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice-President and Prime Minister of the UAE and Ruler of Dubai.

The latest version sets out expectations for controllers regarding several privacy and security principles.

Best practices from everywhere

The Data Protection Law combines the best practices from a variety of laws, such as the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act, and other “forward-thinking, technology agnostic concepts”.

“The requirements reflect the DIFC’s commitment to developing an enabling business ecosystem with robust regulatory and compliance guidelines for all organisations operating from the Centre,” according to a statement.

“They will enable DIFC to continue to build upon the Centre’s reputation as a leading global financial centre focused on innovation and collaboration, whilst also promoting ethical data sharing.

“Importantly, the Data Protection Law and Regulations provide a framework that will support DIFC’s bid for adequacy recognition by the European Commission, the UK and other jurisdictions, easing data transfer compliance requirements for DIFC businesses.”