In an era of increased globalization and rapid advances in technology, information has never been more readily available and transmittable. Businesses and in particular, banking and financial organizations, are increasingly processing and exchanging individual data electronically and across borders.
Personal Data includes any information relating to an individual, usually by linking it to be able to identify a specific person. Biometric data, photos, even IP addresses can all be considered Personal Data in context. Sensitive personal data is that which is subjective or inherent to the person, such as ethnicity, religion or political or philosophical beliefs. The result of the processing and mishandling –voluntary or involuntary- of personal data can have significant consequences, including credit card and identity theft. It is crucial that individuals’ right to privacy is protected by establishing effective data protection laws and enforcing legal safeguards to secure and protect personal data and its processing.
The Data Protection Law prescribes rules and regulations regarding the collection, handling, disclosure and use of personal data in the DIFC, the rights of individuals to whom the personal data relates and the power of the Commissioner of Data Protection in performing their duties in respect of matters related to the processing of personal data as well as the administration and application of the Data Protection Law.
The Data Protection Law embodies international best practice standards, and is consistent with EU regulations and OECD guidelines and is designed to balance the legitimate needs of businesses and organizations to process personal information while upholding an individual’s right to privacy.
To help persons and businesses operating in the DIFC maintain compliance with the Data Protection Law, this site has been designed to provide a useful point of reference and guidance, as well as assist individuals who wish to find out more about the obligations and rights available to them under the Data Protection Law.
DP Law 2020 applies in the jurisdiction of the DIFC, to the Processing of Personal Data: (a) by automated means; and (b) other than by automated means where the Personal Data forms part of a Filing System or is intended to form part of a Filing System.
The data protection legislation is intended to protect the processing of Personal Data by a Controller or Processor or any Third Party related thereto. It also reinforces ethical data management through accountability requirements. It creates a legal and procedural framework which ensures that an individual’s Personal Data in the DIFC is treated fairly, lawfully and securely when it is stored, used or released.
The data protection legislation strikes a balance between a Data Subject’s right to control access to, and the use of, their Personal Data with a Controller’s need to collect and use Personal Data for legitimate or other specific legal purposes.
Upon the enforcement of the DIFC Data Protection Law, DIFC registered entities with an appointed Data Protection Officer (DPO) will be required to submit an annual Assessment as per Article 19 of the DIFC Data Protection Law, DIFC Law No. 5 of 2020
The first submission of the Annual Assessment (if required in accordance with Article 19, i.e., where a DPO must be appointed) will be made on the first license renewal date after July 1, 2021.
Example:
• If your license renewal date is April 3, 2021, your first Annual Assessment filing date will be April 3, 2022.
• If your license renewal date is October 3, 2021, your first Annual Assessment filing date will be October 3, 2021.
Non Compliance Penalty ranging from $10,000 to $100,000 (and multiples thereof).
As a business it’s important that you protect and respect the personal data that you collect, and most importantly it must be handled in line with the current legislation. Customer trust is at the forefront of many businesses, and showing them that you value their data and will do your upmost to protect it is key to maintaining that trust. Our experts here at Excellence will assist you in making sure your organization is in compliance with the DP Law. For more information and any Corporate Services requirements, please contact us: info@excellenceauditing.com, +971 4557 0410
