Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

EU - Abu Dhabi Global Market: GDPR v. Data Protection Regulations 2021

In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Data Protection Regulations 2021 (the Regulations).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Regulations with the  GDPR.

You can access the latest version of the report here.

What are the Regulations?

In the ADGM, the Regulations, enacted on February 14, 2021, govern the processing of personal data by persons operating in the Free Zone. In particular, the regulations provide for a 12-month transition period for current establishments, as well as for a six-month transition period for new establishments, to commence from February 14, 2021. The regulations aim to bring the ADGM data protection regime in line with international standards like the EU's GDPR.

Key highlights

The Regulations and the GDPR share some similarities, including:

  • both have similar legal grounds for processing personal data, including consent, contractual performance, controller obligations, and public interest;
  • share similar definitions of data processing, pseudonymized data, and special categories of data; and
  • Both the GDPR and the Regulations require that controllers carry out data protection impact assessments (DPIAs).

However, despite their similarities, the Regulations and the GDPR also differ sometimes in their approach, such as:

  • unlike the Regulations, the GDPR does not define child;
  • the GDPR and the Regulations also present slight differences in relation to response timeframes; and
  • the Regulations differ slightly from the GDPR in the definitions for personal data and automated processing.