The three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end on October 1, 2020. The DPL 2020 regulates the processing of personal data in the DIFC, and replaces the previous data protection law (DIFC Law No. 1 of 2007 (as amended) (“DPL 2007”)) and, significantly, brings the data protection regime in the DIFC closer in line to global data protection standards, notably GDPR and the CCPA. Although organizations already subject to the GDPR may be well placed to comply with the DPL 2020, it is recommended that organizations promptly begin reviewing their data processing activities to ensure they are in compliance with the DPL 2020. The financial and reputational consequences of failure to comply with the DPL 2020 are significant, including administrative fines of up to $100,000 and scope for larger, unlimited fines for serious violations of the DPL 2020.
What You Need to Know: New DIFC Data Protection Law in Force
Categories
© 2024 Akin Gump Strauss Hauer & Feld LLP. All rights reserved. Attorney advertising. This document is distributed for informational use only; it does not constitute legal advice and should not be used as such. Prior results do not guarantee a similar outcome. Akin is the practicing name of Akin Gump LLP, a New York limited liability partnership authorized and regulated by the Solicitors Regulation Authority under number 267321. A list of the partners is available for inspection at Eighth Floor, Ten Bishops Square, London E1 6EG. For more information about Akin Gump LLP, Akin Gump Strauss Hauer & Feld LLP and other associated entities under which the Akin Gump network operates worldwide, please see our Legal Notices page.