INCORP

Menu
+971 4 2500290

Data Protection Regulations in ADGM

Data Protection Regulations in ADGM | ECAG Incorp

In today’s digital landscape, safeguarding personal data is more crucial than ever, especially in global business hubs like the Abu Dhabi Global Market (ADGM). The Data Protection Regulations 2021 (DPR), enacted in February 2021, aim to protect the personal data of individuals processed or controlled within ADGM. This post delves into the various aspects of the DPR to help businesses and individuals understand their rights and responsibilities.

Overview of the Data Protection Regulations 2021

The DPR establishes a framework for the processing of personal data, ensuring that individuals’ privacy rights are respected while facilitating the responsible use of data in business operations. Complying DPR is crucial while going for an ADGM Company setup.

 

Key Definitions

What is Personal Data?

Personal data means any data relating to a living human being and that human being can be identified from that data.

What is Sensitive Personal Data?

Sensitive personal data refers to a category of Personal Data revealing or concerning (directly or indirectly) racial or ethnic origin, criminal record, political opinions, religious or philosophical beliefs, trade‐union membership, and health or sex life.

Any company which intends to obtain UAE residence visas by default processes Sensitive Personal Data.

What is Personal Data processing?

Personal Data processing means any collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of personal data.

Key roles in Personal Data processing.

  • Data Processor.

Any natural person or legal person who process personal data is defined as a data processor.

  • Data controller.

Any natural or legal person who is responsible for determining the purpose and manner in which personal data is processed in terms with the regulations.

  • Data Subject.

Data subject is that human being whose personal data is processed.

Rights of the Data Subject

  • Right to be informed of the purpose of processing the data, details of the data controller, whether the data will be transferred to a recipient outside ADGM, whether the data will be processed beyond the original intention.
  • To know the period for the Personal Data will be processed and stored.
  • To know the details of the recipient of the data.
  • To lodge a complaint with the Commissioner of Data Protection.
  • To rectify any inaccurate data pertaining to the Data Subject.
  • To complete any incomplete data pertaining to the Data Subject.
  • To erase his/her Personal Data on completion of the intended purpose or on withdrawal of consent or if the Personal Data has been unlawfully processed or if the erasure is required for legal compliance.
  • To restrict processing of Personal Data if its accuracy is contested or if its processing is unlawful.
  • Right to data portability
  • Right to object the Data Processing.

 

Who is a Data Protection Officer (D.P.O)?

A DPO is an expert who can advise on Data Protection Laws and practices who is tasked with monitoring compliance with the Data Protection Regulations as per ADGM as well as with any other Emirati or Federal laws applicable in ADGM.A DPO also acts as a contact point between individuals and ADGM office of Data Protection.

It is mandatory for certain ADGM entities to appoint a DPO.

Role of a DPO.

  • Ensure that the data processing is in compliance with the ADGM Data Protection Regulations as well as any other Applicable Laws in ADGM.
  • To sensitise the data processors, controllers and employees of their obligations while processing Personal Data.
  • To assess and evaluate the impact and risk involved in Personal Data Processing.
  • To act as a point of contact for the Commissioner of Data Protection.

Understanding and complying with the Data Protection Regulations 2021 is essential before and after ADGM company setup as it an ongoing process. These regulations not only protect individuals’ rights but also foster trust in the handling of personal data.

 

Incorporating with ECAG Incorp.

We can help you with the task of ADGM company set up. Partnering with us can simplify the incorporation process as we provide essential support in navigating the regulatory landscape, including DPR. By leveraging our expertise, you can focus on your core operations while ensuring your Data protection practices align with regulatory requirements.

 

FAQs

  1. Which entities process Personal Data by default?

As per sec 145 of Companies Regulations 2020 a company must have at least one natural person as the director. Hence the Office of Data Protection vide Circular No (1) of 2021 has clarified that all companies registered in ADGM processes personal data regardless of the amount or type of personal data.

  1. Which entities process Sensitive Personal Data by default?

Any entity which intends to obtain UAE residence visa processes Sensitive Personal Data by default.

  1. Which entities engage in Data Transfer by default?

A company while applying to obtain UAE residence visa/s, an international data transfer will occur by default. The reason being that the application process requires transfer of personal data to onshore UAE, which is a distinct jurisdiction.

  1. Which entities need to appoint a DPO?

It is mandatory for certain ADGM entities to appoint a DPO. You may check the same via https://dporequirement.questionpro.com/

  1. What are the charges involved in Data Protection?

The Data Protection registration fee is USD 300 and renewal fee of USD 300 every year thereafter. There are no fees for making any notifications under The Data Protection Regulations 2021.