DIFC: Data Protection Law and Data Protection Regulations enter into effect
The Dubai International Financial Centre ('DIFC') published, on 1 July 2020, the Data Protection Regulations ('the Regulations') which entered into effect on the same date, along with the Data Protection Law No. 5 of 2020 ('the Data Protection Law'). In particular, the Regulations outline, among other things, provisions regarding minimum content to be included in personal data processing records, activities which require data processing notifications to the Data Protection Commissioner ('the Commissioner'), data protection officer ('DPO') controller assessments, transfers out of the DIFC, the mediation process, and fines. Furthermore, the Regulations include three Appendices which cover fees, notices and a list of adequate jurisdictions for the transfer of personal data.
In addition, the DIFC updated portals regarding FAQs, guidance, adequate data protection regimes, and data protection forms and fees, including the Standard Contractual Clauses ('SCC') approved by the Commissioner that may be used for transfers outside the DIFC to a non-adequate jurisdiction as well as various guidance including, among others, Guide to Data Protection Law, DIFC Law No. 5 of 2020 and Data Protection Regulations, Complete Guide to Data Protection Notifications, Notifying the Commissioner of Data Protection of a Security, and Individuals' Rights to Access and Control DIFC Personal Data Processing.