The personal data protection law UAE, Federal Decree No. 45 of 2021 on the Protection of Personal Data, provides a unified framework to ensure the confidentiality of the information and protect the privacy of individuals in the UAE. Provide good governance for data management and protection, and define rights and obligations for everyone involved.
Discover the Personal Information Protection Law- data protection law UAE
- Legal provisions apply to all or part of the processing of personal data by domestic or foreign electronic systems.
- The law defines the controls over the processing of personal data and the general obligations of businesses to protect personal data and to retain personal data to protect its confidentiality and privacy. We prohibit the processing of personal data without the consent of the owner, except where the processing is necessary to protect the public interest or to exercise legal processes and rights.
- The law gives data owners the right to demand the rectification of inaccurate personal data and to restrict or stop the processing of personal data.
- It sets out requirements for sharing personal data for cross-border transfers and processing purposes.
- The Personal Data Protection Act is the first federal law drafted in collaboration with large private-sector technology companies. It will come into force on January 2nd, 2022.
Other laws related to data protection law UAE and privacy include:
Consumer protection law
Federal Law No. 15 of 2020 on Consumer Protection protects all consumer rights, including consumer data, and prohibits providers from using them for marketing purposes.
Protecting health data and information
Federal Law No. 2 of 2019 on the Use of Information and Communication Technology (ICT) in Health Care regulates the use of Information and Communication Technology (ICT) in health care in the UAE, including in free zones. Read more about the law.
Data protection law UAE and privacy on the Internet
Laws on Fighting Rumors and Cyber Crime
Federal Decree No. 34 of 2021 on Combating Rumors and Cyber Crime (available only in Arabic) provides a comprehensive legal framework to address concerns related to the misuse and abuse of online technology. increase. It aims to improve the level of protection against online crimes committed through the use of information technology, networks, and platforms.
Internet Access Management (IAM) Policy
The Telecoms and Digital Government Regulatory Agency (TDRA) is working with the National Media Council and Etisalat and Du (the licensed internet service providers in the UAE) to implement the Internet Access Management (IAM) Directive in the UAE. Online content used for impersonation, fraud, phishing, and/or invasion of privacy under this policy may be reported to Etisalat and Du for removal.
Act on Electronic Trading and Trust Business
Laws regulate the validity of electronic documents and strengthen the legal value of digital signatures and their level of security. This includes rules for e-transactions, how to store and store, and send and receive e-Documents to enable them. It also establishes licensing requirements for properly licensed trust service providers to create, validate, and maintain electronic signatures, digital seals, and digital certificates.
What should companies do regarding the data protection law UAE?
The data protection law UAE has caused a paradigm shift in how businesses view personal data collection and processing, affecting businesses in all industries involved in the personal data processing. Key considerations for businesses on the road to compliance with the data protection law UAE include:
Visibility of personal data protection law UAE
In recent decades, technological advances and business changes have led to the collection and processing of large amounts of data, including personal data. However, given the requirements of the data protection law UAE, large amounts of data create a need for greater visibility and control, especially of personal data.
Some of the requirements under the data protection law UAE include:
Providing privacy notices, maintaining dedicated records of processing activities, meeting data subject requests, and ensuring confidentiality and integrity raise important issues that companies need to address. Does your company collect/process?”
To this end, it is appropriate for organizations to conduct data discovery to identify and map the collection, storage, processing, and transmission of personal data within their environment to address this issue.
ensure that the processing is fair and lawful;
Today, personal data and related processing activities are an integral and often unavoidable part of business operations. The data protection law UAE does not prevent companies from collecting or processing personal data but does require companies to ensure that personal data is processed in a lawful, fair, and transparent manner.
Therefore, it is important for businesses to retrospectively review their business processes to ensure that their processing of personal data is lawful and in line with permissible legal grounds under the data protection law UAE. In addition, businesses should review and update their privacy policies/notices to increase the transparency of their processing activities related to the collection and use of personal data.
Additionally, organizations should establish/update mechanisms to obtain and record (if required) consent from data subjects for further processing of personal data.
Protection of individual rights
Under the data protection law UAE, data subjects have rights to access and access, right to rectification/blocking/erasure, right to data portability, and right to object. , has the right to personal data. This can be done, for example, by the data subject requesting the organization for a copy of all personal data or, subject to certain permissible exceptions, to rectify/delete certain personal data that the organization must comply with. It means that you can request
This requires companies to better manage personal data and set standard operating procedures to manage the lifecycle of requests received from data subjects.
Addressing cross-border issues
The data protection law UAE prohibits the transfer of personal data outside the United Arab Emirates, subject to certain exceptions provided by law. This can affect companies operating globally, using cloud hosting (outside the UAE), or taking advantage of outsourcing agreements. As a result, we may need to re-evaluate data hosting/transfers and take the necessary steps to ensure compliance.
Use of third-party providers
Companies are constantly hiring third parties to support their business processes. With the enactment of the data protection law UAE, traditional approaches to vendor onboarding and management need to be evaluated and redefined accordingly. The data protection law UAE requires companies to take additional steps before disclosing personal data to third-party service providers (“data processors”), including compliance monitoring.
You Can Discover more about Data Protection Law UAE.
Read more: The Best Lawyer in Dubai