UAE Trends and Developments Contributed by: Kokila Alagh and Akshata Namjoshi, Karm Legal Consultants
Conclusion In recent years, the UAE, DIFC and ADGM have made notable progress in developing compre - hensive data protection frameworks. While the UAE’s federal law, the PDPL, is still awaiting its Executive Regulations, the DIFC and ADGM have already implemented robust data protec - tion regulations inspired by the EU GDPR, which ensure strong safeguards for personal data. These frameworks emphasise individual rights and accountability to uphold privacy and con - fidentiality. However, as regulations continue to evolve, organisations must stay proactive and implement effective compliance strategies to navigate the shifting landscape of data protec - tion.
• corrective measures have been taken that eliminate any significant risks; and • notifying individuals is impractical (eg, owing to outdated data or an excessively large num - ber of affected individuals) – in such cases, a
public notice should be issued. The Commissioner’s authority
If a company opts not to notify individuals, the Commissioner may still require it if they assess a high risk. Conversely, they may confirm that no notification is necessary if risks are low. Analysis Every jurisdiction has different reporting obliga - tions. While further regulatory guidance is await - ed regarding the PDPL, companies must none - theless swiftly inform the UAE Data Office of incidents posing risks to data subjects. The DIFC and ADGM mandate immediate breach reporting to the Commissioner, who may require notify - ing affected individuals and impose penalties for non-compliance. Across all frameworks, compa - nies must maintain breach records, assess risks and implement corrective measures.
513 CHAMBERS.COM
Powered by FlippingBook