Data Protection in UAE - Dubai (DIFC)

Registration in UAE - Dubai (DIFC)

Controllers and Processors are required to submit a notification to the Commissioner via the DIFC’s online portal (the “Notification”) (Article 14 (7) DPL) and to keep that up Notification to date.   

The Notification must contain the following information: 

  • a general description of the Personal Data Processing being carried out;
  • an explanation of the purpose for the Personal Data Processing;
  • the Data Subjects or class of Data Subjects whose Personal Data is being Processed;
  • a description of the class of Personal Data being Processed; and
  • a statement of jurisdictions to which Personal Data will be transferred by the Controller, along with an indication as to whether the particular jurisdiction has been assessed as having an adequate level of protection for the purposes of articles 26 and 27 of the DPL.

The information set out within the Notification will be available on the DIFC’s public register. 

Where an organisation is required to appoint a Data Protection Officer (see DPO), the DPO must complete an “Annual Assessment” in the form prescribed by the Commissioner.

Continue reading

  • no results

Previous topic
Back to top