The Dubai International Financial Centre (DIFC) has issued a consultation paper relating to an update of the DIFC Data Protection Law*. The current law is based on the European Data Protection Directive which was replaced last year by the European General Data Protection Regulation (GDPR) and the DIFC is seeking to similarly update its own regime in light of that and other international developments.
The new draft law retains the same core principles as the existing law, but any business which processes personal data in the DIFC will need to be aware of some key developments proposed by the new legislation. Consultation responses are welcomed from any interested party.
Key features of the draft law include:
All businesses with DIFC operations, and providers of services who act as data processors on behalf of such businesses, will need to consider the implications of the draft law.