Does the UAE Have a Data Protection Law?
UAE Have a Data Protection Law
The data protection law in the UAE defines “personal data” as any information about an identifiable natural person. These identifiers can include a person’s name, voice, picture, identification number, online identifier, geographic location, and special features that express physical identity. The law also defines “processing without consent” as any processing performed in the course of a person’s employment. Even though the UAE is not a member of the European Union, it has enacted laws aimed at protecting data of EU residents.
While the UAE’s new data protection law includes a number of provisions aimed at protecting personal information, certain types of data are exempt from its coverage. Government and public entities will be exempt from its protection, as will health and credit data. However, businesses within free zones will be subject to their own data protection law. Despite its limited scope, it still requires that personal information be collected for a specific purpose and only for that purpose.
The law requires that companies notify the UAE Data Office and affected data subjects if there is a data breach. The executive regulations will set out the specific timelines for a notification. It is comparable to the GDPR in that the UAE has a mandatory notification procedure for data breaches that pose a risk to the rights and privacy of data subjects. This law is a significant step in protecting personal data in the UAE.
Although the UAE has enacted several laws governing personal data, it is still unclear if it will be able to enforce it effectively. Federal Law 3 of 1987, also known as the Penal Code, states that a person can be punished for disclosing “secret” information. However, this definition is not clearly defined and the UAE Onshore courts do not apply a binding system of court precedent.
Does the UAE Have a Data Protection Law?
GDPR and UAE Healthcare City both have their own data protection laws. Health providers in Dubai Healthcare City must inform patients of the reasons for the data collection, use it for the purposes it was intended for, and keep it secure. The regulations also prohibit the transfer of health data outside the UAE, with limited exceptions. Regardless of the data protection laws in the UAE, it is important to note that these laws protect patients’ privacy and information.
Changes to Data Protection law
In addition to the UAE DPL, the DIFC Data Protection Law 2020 defines a concept known as “High Risk Processing Activities.” Under the new law, entities performing High Risk Processing Activities must appoint a Data Protection Officer (DPO). These DPOs must be based in the UAE, and should have appropriate training and experience. Furthermore, entities performing High Risk Processing Activities must appoint a Data Protection Officer (DPO) for their business.
Key points on the new uae data protection law
In addition to the new legislation, the UAE has several other privacy laws. The Human Resources Law is another piece of legislation in this area. It has an obligation for civil servants to return Ministry information to the Ministry. It is important for companies to follow these regulations to protect the rights of their clients. They also need to comply with the laws that govern their use of personal data. It is essential to protect personal data in the UAE.