To protect personal data, the United Arab Emirates’ federal government promulgated Decree-Law No. 45 of 2021 on September 20, 2021. As a result, the UAE’s regulatory framework has undergone a significant shift, paving the way for the modernization of the economy and the digitalization of growing sectors.
Federal Law 44 of 2021 mandates the establishment of the Emirates Data Office (the “Data Office”), which will serve as the new data regulator. The Data Office will also be responsible for implementing the law and drafting supporting laws and recommendations.
The Law took effect on January 2, 2022, and its executive regulations, which elaborate on essential themes, will be issued no later than six months after that date (currently May 28, 2022). The Data Office has the authority to extend the six-month deadline for controllers and processors to comply with the Law if it deems it essential to do so.
Under Article 2(1), the UAE Personal Data Protection Law (PDPL) has extraterritorial application, meaning it will apply both to UAE-based controllers and processors and to those based outside the UAE that handle personal data of UAE residents.
Exceptions:
Notably, the Data Protection Law’s scope includes significant exceptions, such as those relating to:
The new PDPL establishes a new set of rights for data subjects in the UAE, granting them increased control over how their personal data is used. The law establishes the following rights for data subjects:
Each data subject has the right to know what data or information has been gathered about them by a company. Similarly, the data subject has the right to obtain information on why their data was acquired, where it is kept, what safeguards are in place to secure their data, and what steps would be taken in the case of a data breach.
Data subjects have the right to receive all their information in a format that is simple to read and transferable across all major platforms and media, similar to the right to access their information.
All data subjects have the right to request that any enterprise process no more data relating to them. Once this claim has been exercised, the business must ensure that no additional data is collected on the data subject.
Any data subject has a right to seek the erasure of any or all personal data stored about them.
Each data subject has the right to object to a business’s use of any or all data acquired about them to support automated decision-making that may impact them.
If data collected on data subjects is outdated, incomplete, or incorrect, all data subjects have the right to request that the data handler change, amend, or modify it.
To be more specific, personal data may only be processed if the individual to whom the personal data belongs has given permission. The following are, however, some notable exceptions:
As a result of the new regulations, data controllers are required to:
Data processors will also have to adhere to a slew of new regulations, including those relating to their connections with data controllers.
According to the new legislation, the UAE Data Office would be tasked with formulating policy, drafting legislation, and giving instructions for the practical application of data protection laws.
This article aims to provide a general overview of the subject. The information included herein may not be appropriate in all circumstances and should not be relied upon without seeking specialized legal counsel based on specific cases.
For more information on Data Protection Law, please don’t hesitate to contact HHS Lawyers in Dubai today.