UAE Law and Practice Contributed by: Saifullah Khan and Saeed Hasan Khan, Bizilance Legal Consultants
1.2 Regulators The UAE Data Office is the regulator for the pur - poses of the UAE Law. The Commissioner of Data Protection adminis - ters the DIFC Law. The Commissioner is also responsible for the monitoring and enforcement of the ADGM Regulations. The Central Bank of the UAE and the Telecom - munications and Digital Government Regulatory Authority (TDRA) are the regulators concerning the banking and telecommunications sectors, responsible for (among others) the protection of their respective consumers’ data. Health authorities (federal or local government) are entrusted with the protection of patients’ data. The above-mentioned authorities have the pow - ers of investigations and complaint-handling in their respective spheres. 1.3 Enforcement Proceedings and Fines The Data Office (concerning the UAE Law) is competent to receive complaints by data sub - jects regarding contravention of provisions of the UAE Law. The Data Office is also competent to impose administrative sanctions on contra - vention of provisions of the UAE Law. A person aggrieved by any decision, administrative sanc - tion or any action of the Data Office may file a grievance with the Director General of the Data Office. The grievance is to be filed within 30 days of the date of decision, administrative sanction or action of the Data Office. The Director General of the Data Office is to determine such grievance within 30 days of its filing. The executive regu - lations to be issued pursuant to the UAE Law will specify the procedural aspects for filing and deciding on such grievances.
The Commissioner of Data Protection (under the DIFC Law) is competent to receive complaints from data subjects concerning contravention of the DIFC Law or any breach of the rights of data subjects. The Commissioner is empow - ered to investigate the complaints and to issue a direction or declaration. The Commissioner is empowered to impose fines in the event of non-compliance with a direction issued by them. Concerning a complaint lodged with them, the Commissioner may follow such practices and procedures that will, in the Commissioner’s view, lead to a most timely, fair and effective resolution of the claim in the complaint. The controller, pro - cesser or data subject aggrieved by the Com - missioner’s decision may appeal to the DIFC Court within 30 days. On contravention of the ADGM Regulations, a data subject may lodge a complaint with the Commissioner of Data Protection under the ADGM Regulations. After an assessment, the Commissioner may: • dismiss the complaint; • uphold the complaint; • uphold the complaint but with no further action; or • take any further action. The aggrieved controller, processer or data sub - ject may refer the matter to the court for review. The court may make any orders that it thinks just and appropriate in the circumstances, within three months of the penalty notice, direction or date of complaint. Under the UAE Federal Decree Law, the admin - istrative sanctions to be imposed are issued by the cabinet upon proposal of the Director Gen - eral of the Data Office.
497 CHAMBERS.COM
Powered by FlippingBook