The New Dubai Data Protection Law is Bigger, Better and Will bite harder

From July 1st 2020, life will not be same for Companies who opened offices in Dubai International Financial Center (DIFC) for various reasons. The New Data Protection Law of 2020 will become effective and will totally replace the earlier milder law of 2007.

The law will basically apply to processing of personal data by automated means and where the personal data is part of a filing system and will apply to all companies incorporated in DIFC irrespective of the place where personal data is processed. At the same time it applies to companies irrespective of incorporation if personal data is processed in DIFC as part of a stable arrangement for the processing of personal data in the context of activity in DIFC. It excludes processing of personal data by individuals exclusively for domestic purpose.

While we can discuss the changes in the Grounds of Processing or Data Subject’s rights and Compliance requirements separately, it may be immediately noticed that the new law enhances the remedies available to the Data Subjects and also imposes administrative fines in the form of fines from $50,000 to $ 100,000 for various contraventions, besides directions for cessation of business or reprimands. Additionally the Commissioner can also award compensation to the data subjects or the data subjects may make a claim for compensation through a grievance redressal process or with the intervention of the Court.

Where more than one Controller or Processor is involved, the liabilities will be applicable jointly and severally.

It is therefore time for Companies in India who have their Dubai offices to take a fresh look at their Data Protection Obligations. Many Indian companies might have entered into a business agreement with local companies but they will continue to be liable as either a Joint Controller or a Data Processor and hence have to make an assessment of their liabilities under the new law.

(More discussions will follow)

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.