UAE Data Protection Law Compliance Checklist

Does the UAE’s Personal Data Protection Law Affect You?

UAE Compliance Checklist

1. Conduct Data Mapping Exercise

  1. Data collected, processed, stored, and transferred by the data controller
  2. Why the data was collected
  3. Where the data was collected from
  4. Where the data is stored and transferred
  5. To whom the data controller shares or sells data subjects’ data

2. Identify the Lawful Basis of Processing of Personal Data

  1. To protect the data subject’s interests
  2. The data subject’s personal data is available publicly
  3. Processing of personal data is essential for medical reasons
  4. Processing of personal data is essential for legal or security reasons
  5. For the purposes of scientific, historical, archival, and statistical studies
  6. Processing of personal data is essential for the data handler’s compliance with the law
  7. Any other circumstances that might be highlighted by the Executive Regulation in the future

3. Develop Appropriate Consent Mechanism & Policies

4. Fulfill Cross Border Data Transfer Obligations

  • Under a contract that applies the requirements of the PDPL (standard contract clauses);
  • After obtaining the data subject’s express consent for such transfer;
  • If the transfer is necessary for the execution of a contract between the controller and the data subject or as part of a contract between the controller and a third party that achieves the interests of a data subject;
  • If the transfer is necessary for international judicial cooperation;
  • If the transfer is necessary to protect the public interest.

5. Provide Privacy Notices To Individuals For The Processing Of Their Personal Data

6. Assess The Need to Conduct a Personal Information Impact Assessment

7. Appoint a Data Protection Officer

  1. Conducting data processing activities that pose a high risk to the privacy of the data subjects’ data owing to the adoption of new technologies
  2. Conducting data processing activities that involve the use of sensitive personal data for profiling or automated decision-making
  3. Conducting data processing activities that require the processing of a significant amount of sensitive personal data

8. Maintain a Record of Processing Activities

9. Maintain a Comprehensive DSR Framework

10. Develop a Data Breach Response Process

Final Word


All Thing Data Privacy & Security

Privacy Research Team, Securiti
