His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister, in his capacity as Ruler of Dubai, has adopted the Data Protection Law No. (5) for the year 2020 of the Dubai International Financial Center.
The new data protection law includes provisions on developing the existing data protection system for the Dubai International Financial Center, which is considered one of the most advanced systems in the region. The new law is scheduled to start from July 1, 2020, while the current law (Data Protection Law issued by the Dubai International Financial Center No. 1 of 2007) will remain in effect until the new law begins.
The law establishes the "center" in the leadership of data protection efforts in the region.
- Determine requirements for accountability and individuals' control of personal data and fines.
The DIFC Authority Board of Directors has also issued new data protection regulations, which specify reporting and reporting procedures for the person responsible for data protection, accountability, record-keeping, fines and jurisdictions appropriate for sharing and transmitting personal data.
The new data protection law and its regulations in the Dubai International Financial Center determine the responsibilities of the monitors and data processors in the center, in relation to many principles related to the main areas of privacy and security, where the data protection law adopted the best practices in force in a variety of international laws specialized in Data, such as the GDPR, California Consumer Privacy Act, and other advanced principles and regulations that focus on the use of technology in its operations.
The new law
The provisions of the new law confirm the commitment of the Dubai International Financial Center to develop a system that contributes to enabling business, by issuing tight regulations that apply to all companies operating in the center, as well as enabling the Dubai International Financial Center to continue to establish its reputation as a leading global financial center, based In his work on the foundations of innovation, cooperation, and ethics promotion in data sharing.
The new law and its regulations also provide a framework, which supports the efforts of the Dubai International Financial Center to obtain accreditation from the European Commission, the United Kingdom and other judicial bodies, facilitating compliance with data transmission requirements for companies operating in the Dubai International Financial Center.
The new changes in the law included provisions to legislate procedures for the accountability of monitors and data processors through the requirements of compliance programs, as well as appointing data protection officials when necessary, undertaking assessments of the effects of data protection, and enforcing contractual obligations protecting individuals and their personal data.
The law clarifies the enhanced rights of individuals, in terms of the use of data by companies that collect and manage personal data, including the rights stipulated in contractual clauses when dealing with providers of modern technologies, such as digital transaction technology (Blockchain), and artificial intelligence.
Permission options for transferring data "across borders" were also removed, and the category for the processing of personal data was deleted, while the law and its organizational structures promote data exchange between government agencies, in a major step that raises the standards for data exchange within the UAE and at the regional level.
The law imposes fines for serious violations of its terms in addition to or in place of administrative fines, in addition to increasing the upper limit for fines.
"The Dubai International Financial Center continues to develop its legal system and legislation based on principles of compliance, integrity and security, as the new data protection law combines best practices from data protection and privacy laws worldwide," said Issa Kazim, Governor of the Dubai International Financial Center.
Kazem added: “Through these regulations, the Dubai International Financial Center sets clear requirements for all companies, in order to be able to adopt the best global practices related to data and privacy, which enhances our position as an international financial center that adopts a future planning approach in the finance sector at the regional level, and contributes to enabling us to continue Building on the center's global reputation.
Although the data protection law will come into effect as of the first of July 2020, companies that manage their operations in the center, and to which the law applies, will have a period of three months from that date until the first of October 2020, to be able to apply the provisions of the law, Before it became effective, given the current situation associated with the spread of the Corona epidemic.