The Abu Dhabi Global Market’s DPR, New Privacy Law

July 15, 2022 | 3 minutes read
The Abu Dhabi Global Market’s DPR, New Privacy Law

The ADGM Data Protection Regulations 2021 (DPR) refers to a data privacy and protection law that was recently passed in the United Arab Emirates (UAE) in February of 2021. As the Abu Dhabi Global Market (ADGM) is an “international financial free zone in Abu Dhabi,” the law was passed for the purpose of protecting the personal data and information of customers that engage in business with companies and organizations that operate within the zone. This being said, the DPR amended the previous data protection framework that governed business transactions within the ADGM by aligning said framework with the provisions of the EU’s General Data Protection Regulation (GPDR).

What is the scope and application of the law?

As it pertains to the scope and applicability of the DPR, the material scope of the law applies to “the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which forms part of a filing system or is intended to form part of a filing system. files or sets of files, as well as their cover pages, which are not structured according to specific criteria, do not fall within the scope of these regulations.” Alternatively, the scope of the law does not apply to data processing that occurs in the context of purely personal or household activities, as well as information that is collected by public authorities for the purpose of preventing, investigating, detecting, and prosecuting criminal offenses.

What data protection principles were established in the law?

As the DPR was established for the purpose of aligning the laws of the ADGM with the data privacy standards that were set forth in the EU’s GDPR law, the DPR mandates that businesses and organizations within the financial free zone collect and process personal information in accordance with several data protection principles. These data protection principles include:

What are the rights of data subjects under the law?

On the other hand, the DPR also affords data subjects a number of data protection and personal privacy rights. These rights include the following:

What are the penalties for violating the law?

As it relates to the penalties that data controllers and processors within the ADGM stand to face should they fail to comply with the provisions set forth in the DPR, violators of the law are subject to monetary penalties of up to $28,000,000, “depending on the corresponding contraventions of the law.” Due to the severity of these penalties, the law also provided certain existing establishments within the ADGM with a 12-month transition period that would give businesses and organizations the time necessary to alter their data collection and processing practices to maintain compliance with the law.

As of 2022, the ADGM Data Protection Regulations 2021 is the primary data protection law that regulates the collection, processing, retention, transfer, disclosure, and dissemination of personal information with the UAE, in conjunction with The Dubai International Financial Centre (“DIFC”) Data Protection Law No. 5 of 2020. Due to massive amounts of data that are collected within the UAE on a daily basis to the prevalence of businesses and organizations that serve consumers within the numerous metropolitan areas in the country, laws such as the DIFC and DPR are pivotal to ensuring that data subjects can secure their information when purchasing products, goods, and services.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »