

DIFC Data Protection Law
United Arab Emirates
2020
Privacy
Overview
The Dubai International Financial Centre (DIFC) Data Protection Law, enacted in 2020, aligns with global standards such as the EU GDPR. It regulates the collection, processing, storage, and transfer of personal data within the DIFC, ensuring privacy, accountability, and transparency. It applies to all DIFC-registered entities, including banks, financial institutions, fintechs, asset managers, insurers, law firms, and corporate service providers. The law provides individuals with enhanced data rights and sets strict obligations for controllers and processors.
Key Obligations
- Process data lawfully, fairly, and for specified purposes
- Obtain explicit consent where required
- Grant data subjects rights: access, correction, erasure, restriction, and portability
- Conduct Data Protection Impact Assessments (DPIAs) for high-risk processing
- Appoint a Data Protection Officer (DPO) where necessary
- Notify the DIFC Commissioner of data breaches without undue delay
- Restrict cross-border transfers unless adequate safeguards exist
- Maintain processing records and adopt technical/organizational safeguards