The goal of the DIFC Commissioner of Data Protection (the "Commissioner") in producing this guidance is to inform organisations subject to the DIFC Data Protection Law, Law No. 5 of 2020 (the "DPL") and the Data Protection Regulations issued pursuant to the DPL (the "Regulations") about the potential consequences of violating the DPL.
The consequences include: administrative fines; general fines; compensation claims; adverse publicity.
The guidance is issued by the Commissioner pursuant to Article 46(3)(h)(iii) of the DPL. In accordance with Schedule 1, Section 2(g) of the DPL, guidance issued under the DPL is indicative and non-binding.
This guidance is based on the DPL and the Regulations (collectively, "Legislation") as at 1 July, 2020 and remains current unless and until updated, withdrawn or replaced. Please visit www.difc.ae to read the full text of the Legislation.
This guidance comprises the Commissioner's interpretation of the Legislation and is issued in furtherance of the Commissioner's obligation to pursue the objectives of promoting observance of the Legislation and pr...