Safeguarding Charitable Causes: The Crucial Role of Affordable Data Protection Helpline Services
Clive Mackintosh
July 1, 2022
New UAE Data Protection Regulation
The PDPL is broadly aligned with the UK and EU General Data Protection Regulation (GDPR).
In his latest blog, Clive Mackintosh, Founder of GDPR Rep, experts in GDPR Representative services looks at the new UAE Data Protection Regulation - the Protection of Personal Data (PDPL).
The new UAE data protection regime is based on Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL). The PDPL is a comprehensive law that covers all aspects of data protection, including the collection, use, storage, transfer, and disposal of personal data. The law also sets out the rights of individuals in relation to their personal data, such as the right to access, rectify, and erase their personal data.
The PDPL is broadly aligned with the UK and EU General Data Protection Regulation (GDPR).
However, there are some key differences between the two laws. For example, the PDPL does not require organisations to obtain explicit consent from individuals before collecting and using their personal data.
Here are some of the key features of the new UAE data protection regime:
Applicability
The PDPL applies to the processing of personal data by any person or entity, whether inside or outside the UAE.
Data protection principles
The PDPL sets out a number of data protection principles that businesses must comply with, including the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.
Legitimate grounds for processing personal data
Businesses can only process personal data if they have a legitimate ground for doing so. The PDPL lists a number of legitimate grounds for processing personal data, such as consent, contract performance, legal obligation, and legitimate interests.
Data subject rights
Individuals have a number of rights in relation to their personal data, such as the right to access, rectify, erase, restrict, and object to the processing of their personal data.
Data breach notification
Businesses must notify the data protection authority and affected individuals of any data breaches that occur.
Data protection authority
The UAE Data Protection Authority (PDPA) is responsible for enforcing the PDPL. The PDPA has a number of powers, including the power to investigate breaches of the PDPL, issue fines, and impose other sanctions.
The new UAE data protection regime is a significant development for the country. The law is designed to protect the privacy of individuals and to promote trust in the digital economy. The PDPL is also expected to make it easier for businesses to do business in the UAE, as they will be able to rely on a clear and predictable data protection framework.
GDPR Rep is on a mission to help every business achieve and fulfil data protection obligations including EU and UK GDPR, FADP and other international requirements. If you are looking into how your organisation can fulfil its requirements why not schedule a no-commitment call with a GDPR representative expert today, or get a quote to understand how our value pricing makes compliance simple.
