New DIFC Data Protection Law 2020: An overview
0 (0 Likes / 0 Dislikes)
There has been a data protection regime in DIFC for around 15 years.
It was the first in the Middle East
and the current DIFC Data Protection Law dates back to 2007.
In light of technological developments and increasing international standards
of data protection over that time,
in 2019 DIFC started the process of updating its data protection law.
The Centre wants to be a regional example of best data protection practice
and it aims to be the jurisdiction of choice for financial services in the Middle East.
Ideally for DIFC, its laws would be formally recognised
as offering the same level of protection
as Europe and other jurisdictions
in order to enable the free flow of personal data
between those countries and the DIFC.
The new law builds on current DIFC law
and is based on the same core principles.
And some of the main areas of interest for DIFC businesses and service providers
will include the development of the legal framework around consent
in the context of data processing,
the requirement for some controllers to appoint a data protection officer,
additional requirements around contracts with data processors.
There are changes and revisions to the regime for international data transfers
that will align it more closely with the EU GDPR.
There are enhanced rights for data subjects.
The law also include flexibility for innovation
and it allows for the adoption of new technologies.
There are many aspects to a successful data protection programme.
Businesses operating in or dealing with the DIFC should start thinking
about this sooner rather than later.