ADGM Data Protection Regulations
United Arab Emirates
2021
Privacy
Overview
The Abu Dhabi Global Market (ADGM) Data Protection Regulations, updated in 2021, align closely with the EU GDPR and set a comprehensive framework for personal data handling within the ADGM free zone. The regulations promote accountability, transparency, and individual rights while ensuring data security.They apply to all ADGM-registered entities, including banks, financial services firms, fintechs, insurers, investment companies, law firms, and corporate service providers. The regime establishes detailed obligations for controllers and processors, with oversight by the Office of Data Protection (ODP).
Key Obligations
- Process personal data lawfully, fairly, and transparently
- Obtain clear consent where required
- Provide rights of access, correction, erasure, restriction, objection, and portability
- Conduct Data Protection Impact Assessments (DPIAs) for high-risk processing
- Appoint a Data Protection Officer (DPO) in specified circumstances
- Notify the ADGM ODP of data breaches without undue delay
- Restrict cross-border data transfers unless adequate protection or safeguards exist
- Maintain records of processing activities and adopt technical/organizational safeguards
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
Related Regulations
FAQ
Who enforces these regulations?
The Office of Data Protection (ODP) within ADGM.
Do they apply outside ADGM?
No. They apply to all entities established, incorporated, or licensed in the ADGM free zone.
Are breach notifications mandatory?
Yes. Controllers must notify the ODP and, if high-risk, the affected data subjects.
What penalties apply for non-compliance?
Fines of up to USD 28 million, depending on the severity of the violation.