What is new?
On 1 July 2020, the Dubai International Financial Centre (DIFC) enacted the DIFC Data Protection Law No. 5 of 2020 (the DP Law), which revamps the data protection legal regime applicable in the DIFC. DIFC entities have until 1 October 2020 to put in place structures, systems and controls that enable them to comply with the new law.
The DP Law has been designed primarily to bring DIFC’s data protection legal regime in line with international best practices in data privacy laws, in particular the General Data Protection Regulation (GDPR), which has ignited privacy and data law reform worldwide. The DP Law sets out a clear requirement for all organisations to follow global best practice relating to data and privacy and also reflects the intention of the DIFC authorities to consider the specific needs of the DIFC, as well as the latest developments in technology.
No doubt the new law is a huge step forward for the region’s second-largest economy, and will help the DIFC attract new businesses. It should have a positive impact on the marketplace and be a game changer in the Middle East as a whole when it comes to data protection issues.
The changes brought in by the DP Law are substantial; it fleshes out further existing obligations and introduces a number of novel concepts to the DIFC. We briefly summarise a few of them below.