Please wait while the page is loading...

loader

Guidance on the DIFC Data Protection Laws

30 April 2014

Guidance on the DIFC Data Protection Laws

The Dubai International Financial Centre (DIFC) has published a guide to its Data Protection Law and Regulations. The guide sets out the DIFC Commissioner of Data Protection’s views on how he interprets some of the provisions and how DIFC companies can comply with the law in practice, says Dino Wilkinson, a partner at Norton Rose Fulbright (Middle East), in Abu Dhabi.


There is no specific data protection legislation in the UAE, but other laws on the use of private information have some relevant provisions, such as the Penal Code or the Cyber Crimes Law. He tells Asia IP that there is limited guidance from the Central Bank regarding data processing in the area. Some institutions adopt DIFC standards as best practice, particularly if they also have a DIFC branch or subsidiary.


“The guidance will help those dealing with DIFC entities to better understand the obligations on their business partners,” Wilkinson says. “It could also help improve the overall understanding of key data privacy concepts.”


Wilkinson notes that the guide is a significant development in the field of data protection as DIFC is recognized as one of the leading jurisdictions in the region. The DIFC intended to obtain the European Commission’s acceptance as a jurisdiction with an adequate data protection regime. This guide is another step in achieving the goals. It would be the first Middle East jurisdiction to achieve this rating and it would facilitate easier transfers of data to the region by European companies, he says.


“We are seeing increasing interest from our clients in taking advice to manage the legal risks of handling ever-growing amounts of personal data,” says him. “These risks are magnified for the many businesses in this region that operate internationally and also by new technology such as cloud computing.”


The Data Protection Law in the DIFC was amended and came into force in 2012. “It is designed to balance the legitimate needs of businesses and organizations to process personal information with the importance of upholding an individual’s right to privacy,” said Nick O’Connell, a senior associate at Al Tamimi & Co in Dubai.


Law firms