What Is The DIFC Data Protection Law?
Dubai International Financial Centre (DIFC) has issued a new Data Protection Law (DIFC No. 5 2020) to provide better standards and controls when processing personal data. These standards are in place to ensure and implement fundamental rights for users’ information within and by commercial businesses and corporate services in the UAE.
The new law, which came into force on October 1, 2020, replaced Data Protection Law No. 1 from 2007, to implement higher quality management when processors or controllers are using personal data within the DIFC. This enables the updated DIFC law to align with the data protection regulations implemented by the European Union General Data Protection Regulation (GDPR) which allows the DIFC to work alongside a wider realm of companies under European authority.
The redevelopment of this law is key to the DIFC’s strategy to provide a regulatory foundation that will support the standards implemented within the EU. This is beneficial as it reduces conflict between entities located within Europe and the DIFC, establishing the DIFC as a worldwide financial hub.
The updated Data Protection Law 2020 extends consumer rights by including requirements that follow regulations implemented by the European Union General Data Protection Regulation, including the right of access, which specifies that a customer must be provided with a copy of the data that is being processed within an organization, free of charge.
Why Does Data Protection Matter?
With the increase of technological advances observed these days, individual data has become increasingly accessible because modern technology is now part of people’s daily lives.
Sensitive and personal data pertains to any information that relates to an individual, and includes IP addresses, transaction data, photographs, ethnicity, political beliefs, religion and more.
Data protection is critical in preventing the misuse of users’ sensitive and personal data by any third parties, and is meant to protect them against fraud, scams, and identity and credit card theft. This ensures that clients are safeguarded against threats and risks within IT transformations, corporate services and artificial intelligence.
Industries such as financial institutions, banks, and commercial businesses process and exchange data via different electronic avenues, which will now be secured by the new Data Protection Law.
MBG is committed to crafting reliable and sustainable solutions, and our personalized strategies go hand in hand with data protection within our clients’ digital channels.
How Are the Changes Implemented?
Large and small organizations, including their legal, marketing, HR, sales, IT and customer service teams, must fully comply with the new regulations. There are key changes that will improve data protection within organizations, including changes in accountability, impact assessments, breach notifications, data protection officers, and more.
As businesses evolve and develop to stay up-to-date with new technologies and regulations, MBG’s audit and assurance services not only improve trust with stakeholders but also improve the quality and transparency of information to provide further protection within data and analytics for businesses.
If companies conduct high-risk processing activities, some will have to elect a data protection officer (DPO) to ensure security and protection measures are met when processing data as well as completing impact assessments before performing new data processing activities.
With the updated Data Protection law, employers will need a lawful and legitimate reason to process and share personal data to reduce the risk of customers’ data being used unlawfully or without consent, and controllers must notify the DIFC Commissioner if there are any breaches or violations.
In many businesses, risks are sometimes inevitable. However, MBG’s technological advisory services allow these risks to be managed by efficiently recognizing potential issues to combat various threats to businesses. As the leading risk advisory firm in the UAE, MBG can aid in providing guidance with regulatory policies and risks within data, information and legal demands to enhance growth while navigating fluctuations within relevant markets.
The DIFC commissioner has the power to issue administrative fines that can reach up to 100,000 USD and organizations/companies may be liable to pay any additional compensation to the user for breaching their data rights. Any employees or consumers have the right to withdraw their data at any time if they fear their data could be misused or shared unlawfully in any way.
To ensure organizations are meeting the regulatory requirements by DIFC, they should:
- Record all data movements. Keep a record of what personal data you have, where/whom it comes from, and who it will be shared with. Doing this will be the foundation for maintaining data processing activities under the new law.
- Raise Awareness. Make sure all staff are aware of the new regulations to ensure long-term compliance.
- Develop a data breach plan. Create and implement a data breach procedure to identify, report and examine any data breaches.
- Update and publish privacy notices. Keep customers and users updated with new rules regarding their data within the organization and how it will be used and maintained.
- Appoint a data protection officer (DPO). Assign a Data Protection Officer to be accountable for monitoring the safety of the procedures within your organization.
The updated Data Protection Law 2020 extends consumer rights by including requirements that align with the European Union General Data Protection Regulations and ensuring the safety of consumers and customers. In doing this, the movement of data within the DIFC will be safer and more secure. With data being created, stored and processed more and more each day, safeguarding this information is highly important to keep personal data safe and harder to compromise, lose or steal.
Because we are implementing these changes into our tailored services and solutions, you can stay one step ahead when you choose MBG to help you with your business concerns and guide you in achieving sustainable growth. Connect with us today here.