This Insight article provides a round-up of the relevant available guidance and materials in relation to data protection principles, data security, notification, breach, and Data Protection Impact Assessment ('DPIAs') requirements under the Law and Regulations of the DIFC, with a particular focus on the following guides: A Guide to Data Protection Law, DIFC Law No. 5 of 2020 and the Data Protection Regulations ('the Guide'); Complete Guide to Data Protection Notifications ('the Notifications Guide'); Guidance Relating to Data Subject Consent ('the Consent Guidelines'); Security Breach Guidance ('the Breach Guidance'); and High Risk Processing Guidance ('the High Risk Processing Guidance').
Insight
DIFC: Round-up of guidance on the DIFC's data protection law and regulations – Part 1
October 15, 2021
Summary
The DIFC Data Protection Law No. 5 of 2020, effective from July 1, 2020, aligns with the EU's GDPR and applies to controllers and processors within and outside the DIFC under stable arrangements. The Law mandates lawful, fair, and transparent data processing, specifying purposes and ensuring data accuracy, security, and limited retention. Guidance materials cover data protection principles, security measures, notifications, breaches, and DPIAs, with explicit consent required for special category data. Entities must register with the Commissioner, notify of processing operations and breaches, and conduct DPIAs for high-risk processing activities.