• By: Enrule Legal Consultancy
• 28-Apr-2023
• Comments: 0

UAE DATA PROTECTION

  UAE ISSUED PERSONAL DATA PROTECTION LAW The UAE had issued a data protection law named the UAE Personal Data Protection Law (PDPL). The law was officially announced on 15 July 2020 and came into effect on 1 June 2021. The Personal Data Protection Law regulates the processing, handling, and storage of personal data by organizations operating in the UAE. The UAE Personal Data Protection Law is a comprehensive data protection law that regulates the processing, handling, and storage of personal data by organizations operating in the UAE. The law aims to protect individuals' privacy by ensuring that personal data is collected, stored, processed, and shared in a secure and transparent manner. It also provides individuals with certain rights such as the right to access their personal data and the right to request corrections or deletion of their personal data. The UAE Personal Data Protection Law is the first comprehensive data protection law introduced in the UAE and is expected to have a significant impact on how organizations handle personal data in the country. Under the law, personal data refers to any information that can identify a natural person, directly or indirectly. Examples of personal data include names, ages, phone numbers, email addresses, location data, and financial information. The law applies to both individuals and organizations that process personal data in the UAE, regardless of whether they are based in the UAE or overseas. The Personal Data Protection Law provides individuals with certain rights, including the right to access their personal data, the right to rectify or delete their personal data, and the right to object to the processing of their personal data. The law requires organizations to obtain clear and explicit consent from individuals before processing their personal data and to ensure that personal data is processed only for specific and legitimate purposes. Under the law, organizations must appoint a Data Protection Officer (DPO) whose role is to ensure that the organization complies with the law's requirements. Organizations are required to notify the authorities of any data breaches within 72 hours of becoming aware of the incident. The law imposes various penalties on organizations that breach the law's provisions, including monetary fines and criminal sanctions. The UAE Personal Data Protection Law was issued by the UAE Cabinet and was announced on 15 July 2020. The law was published in the UAE's Official Gazette and came into effect on 1 June 2021. The law was developed with the support of the International Association of Privacy Professionals (IAPP) and in line with global data protection standards, such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The National Electronic Security Authority (NESA) is responsible for overseeing the implementation of the law and ensuring compliance by organizations operating in the UAE. The UAE Personal Data Protection Law is the first comprehensive data protection law introduced in the UAE and is expected to have a significant impact on how organizations handle personal data in the country.