Tailored To Meet the Rigorous Standards of The UAE PDPL Regulation
We are your NorthStar in guiding businesses through the intricacies of PDPL compliance, ensuring your organization's data practices align seamlessly with local laws.
What is UAE PDPL ?
The Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (‘the Law’) became effective on 2 January 2022, and it is the UAE’s first federally applicable, data protection regulation.
The Law follows key international data protection principles and best practices, such as those found within the GDPR, and marks a positive step towards greater data protection harmonisation with international standards that is a necessity in today’s interconnected age, which is characterised by cross border data flows on an international level.
Who is impacted
The UAE PDPL applies to:
1. People residing in or who have a place of business that processes personal data.
2. Companies based in the UAE that handle personal data of people living in or traveling to the UAE.
3. Businesses based outside of the UAE that handle personal information of UAE residents.
What are the penalties for
non-compliance
Penalties for violations are not specified in the PDPL. The ensuing Executive Regulations are anticipated to contain a description of the severity of the penalties. If a data subject has grounds to suspect that a controller or processor has violated the PDPL, they may complain to the UAE Data Office. The Council of Ministers may decide to apply administrative sanctions as part of its decision. For violations of other provisions of the PDPL, penalties are limited to a warning notice or a fine not exceeding SAR 5 million ($1.3 million). The court may double the penalty of the fine in case of repetition of offenses.