Learn about the Law and Its Significance!
Understanding the Law of Data Protection in DIFC
As personal data processing is a key factor, it is worth brushing up on your knowledge of the Law of Data Protection in DIFC, which gives ample protection to your personal data. The Dubai International Financial Centre (DIFC) paved the way for data protection by adopting its most recent DIFC Data Protection Law (DP Law) No. 5 of 2020 for personal data processing. Like the Abu Dhabi Global Market (ADGM) Data Protection Regulations, the DIFC DP Law appoints a Commissioner of Data Protection as the supervisory authority. While both entities share common goals, they differ in the roles of Data Controllers and Data Processors.
The Story of a Penalty under the Law of Data Protection in DIFC
A consulting firm failed to comply with the DIFC DP Law by not providing valid notice to data subjects, specifically contacts of new or existing employees, about the collection and use of their information for marketing purposes. The consulting firm used personal email addresses for direct marketing without the knowledge of the data subjects, which is a breach of privacy and a contravention of the DIFC DP Law. A monetary penalty of $15,000 was imposed on the firm for its non-compliance with the DIFC Data Protection Law.
Key Players in Law of Data Protection in DIFC: Data Subject, DPIA, and DPO:
· Data Subject: Individuals to whom personal data relates.
· DPIA (Data Protection Impact Assessments): Conducted for high-risk data processing, revealing potential risks to data subjects’ rights.
· DPO (Data Protection Officer): Oversees compliance, liaises with the Commissioner, conducts assessments, and manages DPIAs for high-risk processing activities.
Now, if a Data Breach happens, What’s Next?
In the event of a data breach, the Data Controller serves as the primary point of contact. It is the responsibility of the Data Controller to promptly notify the Commissioner of any breach involving personal data that puts the confidentiality, security, or privacy of a data subject at risk. Furthermore, the Controller must extend this notification obligation to the affected data subject if the breach is likely to pose a threat to their security or rights. This two-tiered notification process ensures transparency and timely communication in the face of potential risks to individuals’ personal information. Such measures align with the principles of the DIFC Data Protection Law, emphasizing the importance of swift action to mitigate the impact of data breaches on data subjects.
Penalties for Non-Compliance: While the DIFC DP Law specifies fines ranging from $10,000 to $100,000 for non-compliance, the Commissioner may impose fines beyond this range where the Commissioner deems them reasonable and proportionate.
Tips to Comply with the Law of Data Protection in DIFC.
1. Clearly define lawful bases for processing personal and sensitive data.
2. Specify legitimate interests for transparent data processing.
3. Outline DPO duties and responsibilities.
4. Transfer data outside DIFC only to jurisdictions with adequate protection levels.
5. Inform data subjects when obtaining their personal data.
6. Clarify responsibilities among joint controllers, processors, and sub-processors.
7. Ensure data subjects’ rights are respected.
8. Promptly notify the Commissioner and data subjects of any personally identifiable information breaches.
MS’s Commitment to Data Protection in DIFC
In an era where personal data protection is paramount, understanding and complying with regulations like the DIFC DP Law is crucial. The above-mentioned case serves as a reminder that non-compliance can lead to significant penalties. As an advocate for data protection, MS emphasizes adherence to the DIFC DP Law to avoid penalties. Staying informed and implementing best practices are key to navigating the complex landscape of data protection in the DIFC.
Click on the link to see a graphical presentation of the DIFC data protection carousel:
https://www.linkedin.com/feed/update/urn:li:activity:7159906525535211520