The three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end on October 1, 2020. The DPL 2020 regulates the processing of personal data in the DIFC, and replaces the previous data protection law (DIFC Law No. 1 of 2007 (as amended) (“DPL 2007”)) and, significantly, brings the data protection regime in the DIFC closer in line to global data protection standards, notably GDPR and the CCPA. Although organizations already subject to the GDPR may be well placed to comply with the DPL 2020, it is recommended that organizations promptly begin reviewing their data processing activities to ensure they are in compliance with the DPL 2020. The financial and reputational consequences of failure to comply with the DPL 2020 are significant, including administrative fines of up to $100,000 and scope for larger, unlimited fines for serious violations of the DPL 2020.
What You Need to Know: New DIFC Data Protection Law in Force
