Latham lawyers explain who the DIFC’s new law applies to and how it maps against the GDPR.

By Brian A. Meenagh, Fiona M. Maclean, Alexander Hendry, and Avinash Balendran

The Dubai International Financial Centre (DIFC) recently issued a new data protection law and regulations: the Data Protection Law DIFC Law No. 5 of 2020 and the Data Protection Regulations (together, the DIFC DP Legislation).  The new law, which became effective on 1 July 2020, sets a significant benchmark for data privacy in the Middle East and aligns the DIFC’s data protection framework with international data protection regulations, including the EU’s General Data Protection Regulation (GDPR).

Whilst there are similarities between the DIFC DP Legislation and the GDPR, there are several important differences. A new Latham Client Alert contains a useful crib sheet for data privacy practitioners who are familiar with the GDPR to get up to speed on the DIFC DP Legislation. In particular, the Alert:

  • Describes who the DIFC DP Legislation applies to
  • Maps the DIFC DP Legislation against the GDPR, and highlights where the DIFC DP Legislation materially differs from the GDPR
  • Provides practical takeaways for businesses to prepare for the 1 October 2020 deadline for full compliance

Read the full Client Alert here.