In June 2023, a fraudulent phishing email sent from the email address of an employee of an ADGM company was reported to the Data Protection Office by ADGM Information Security. Although the company filed a breach notice form, both the first notification and the follow-up assessment lacked information. Due to the company's non-cooperation with the Commissioner, insufficient organizational and technical measures, and inability to guarantee the proper security of personal data, the Commissioner of Data Protection in ADGM has issued a Direction under the ADGM Data Protection Regulation 2021.
This case study is a clear indication of how stringent the data protection measures are in the Abu Dhabi Global Market. ADGM, the International Financial Centre (IFC) located in the capital city of the United Arab Emirates (UAE), has always kept data privacy as its top priority. The ADGM Data Protection Regulation is the key factor that guards data privacy in ADGM. The ADGM Data Protection Regulation (DPR) was revamped in Feb 2021, replacing the 2015 Regulation and adding obligations for personal data processing.
Let’s explore a bit more about the ADGM Data Protection Regulation 2021:
As per Article 63, the ADGM DPR 2021 ensures the protection of Personal Data used by businesses and organizations in ADGM. In cases of non-compliance, the Commissioner of Data Protection has enforcement powers to impose new regulations and obligations. To streamline these actions, the DPR has set up an Office of Data Protection and certain tools under it, which make the whole process easier.
ADGM follows the European Commission’s approach to data privacy and protection for data that is transferred out of ADGM, designating jurisdictions that are deemed adequate from a data protection perspective. Personal Data may be transferred to a recipient situated in a jurisdiction outside ADGM only if the recipient’s local laws guarantee a sufficient degree of protection for the Personal Data.
Then, what is the Office of Data Protection?
The Office of Data Protection oversees data protection within ADGM, keeping track of Data Controllers, enforcing Data Controller requirements, and defending individual rights. All ADGM-registered entities handling personal data must register as Data Controllers. The Office of Data Protection maintains a register of Data Controllers in ADGM as part of its regulatory functions and publishes the register publicly to promote transparency and openness. There are also Data Processors, who process the personal data.
The Data Controllers and Processors in ADGM Data Protection Regulation
A Data Controller is any individual or organization that chooses, alone or in concert with others, the goals and methods for processing personal data in ADGM. Data Controllers decide how and why the data is processed. They should make sure that any processing of Personal Data that they handle conforms with the regulations. Data Controllers are required to promptly inform the Office of Data Protection about personal data breaches. This notification should occur without unnecessary delay and, if possible, within 72 hours of the controller becoming aware of the breach. Additionally, Data Processors are appointed on behalf of the Data Controllers who have access to personal data. External service providers that have been designated by an ADGM Data Controller are examples of Data Processors.
You can make use of the tips given below to comply with ADGM Data Protection Regulations:
Register as Data Controller:
Register and renew annually with the ADGM Office of Data Protection.
Permits for Sensitive Data:
Apply for permits to process, transfer, and register data processors.
Compliance Principles:
Adhere to ADGM DP Law principles, including lawfulness, fairness, transparency, and accountability.
Data Protection Officer (DPO):
Appoint a DPO for systematic high-risk data processing.
Breach Reporting:
Report breaches to the Office of Data Protection within 72 hours.
Data Protection Impact Assessments (DPIAs):
Complete DPIAs for high-risk processing, reporting to the ADGM Office.
Sensitive Data Policy:
Implement policies for processing sensitive personal data.
Response Time:
Respond to individual data protection filings within 2 months.
MS’s Commitment to Data Protection Regulations in ADGM
The ADGM Data Protection Regulation 2021 is designed to offer comprehensive and robust measures to ensure the safety and security of personal data. MS, in line with its commitment to the highest standards, guarantees complete compliance with the ADGM Data Protection Regulations. This commitment not only serves as a safeguard against evolving threats but also acts as a catalyst, propelling your business to new heights in the ever-changing landscape of data protection.
Disclaimer:
Registered in Abu Dhabi Global Market (Registered No. 000007218),
We are not an ADGM Registered Corporate Service Provider.