Watch videos with subtitles in your language, upload your videos, create your own subtitles! Click here to learn more on "how to Dotsub"

The New DIFC Data Protection Law - International data transfers

0 (0 Likes / 0 Dislikes)
Most data protection regimes impose some restrictions on the transfer of personal data outside the relevant jurisdiction. The existing DIFC law is no exception, but it was slightly confusing and had become out-of-step with other international laws, such as Europe's General Data Protection Regulation, the GDPR. The new DIFC Data Protection Law provides four routes for data transfers: First, if the destination jurisdiction offers an adequate level of protection. Secondly, if appropriate safeguards are implemented. Thirdly, if the transfer falls under one or more specific derogations. And fourthly, in other limited specific circumstances. The process of obtaining a permit for data transfer, that was contained in the current law, has been removed. In relation to territorial adequacy, the DIFC Commissioner of Data Protection is going to publish regulations that confirm which territories are adequate. This is likely to be consistent with the findings of the European Commission, but there is scope for the Commissioner to make its own determination. The Commissioner has already confirmed that the UK will be considered adequate if Brexit occurs, provided current UK data protection laws are not repealed or amended. The permitted appropriate safeguards are consistent with the approach taken in the GDPR, in particular the concepts of standard approved contract clauses and binding corporate rules are reflected under the new DIFC law. Available derogations include the explicit consent of the data subject, contractual necessity and the exercise or defence of legal claims. It is important to note, though, that those derogations and specific circumstances should not be relied upon as a matter of routine. Businesses that are subject to the new DIFC Data Protection Law will need to consider what personal data is sent or shared outside the DIFC by their organisation, including to other parts of their corporate group. A transfer of personal data would include the use of an online service or system that hosts personal data on servers located outside the DIFC. So, international data flows are going to need to be checked for compliance. If the recipient is not in a country considered to offer an adequate level of protection, then the controller will need to implement an appropriate safeguard, which will likely require a contract amendment or addendum.

Video Details

Duration: 2 minutes and 39 seconds
Country:
Language: English
License: Dotsub - Standard License
Genre: None
Views: 0
Posted by: clydecomarketing on Jul 1, 2020

The DIFC Authority has recently announced the release of the new DIFC Data Protection Law, which will come into force on 1 July 2020. We have prepared a series of short videos to address some of the key enhancements and implications of the new law. In our latest video, Dino Wilkinson outlines all you need to know about international data transfers.

Caption and Translate

    Sign In/Register for Dotsub to translate this video.