By Justin Cornish, Alice Marsden, Brian Meenagh

On February 26, 2012 the Office of the Commissioner of Data Protection (OCDP) for the Dubai International Financial Centre (DIFC) published its Strategic Plan for 2012-14. One of the key statements in the Strategic Plan is the statement of the OCDP’s intention to apply to the European Commission for acceptance of the DIFC as a jurisdiction with an adequate data protection regime. If the DIFC is officially declared ‘adequate’ by the European Commission, this will offer EEA data exporters a simple and reliable route to complying with European export rules for data exports to the DIFC.

The main alternatives (entering into the European Commission approved Standard Contractual Clauses or establishing intra-group Binding Corporate Rules) require considerable administrative effort, time and costs. This would also be good news for DIFC-based service providers or group companies, who should find their administrative and compliance costs reduced and would open up the DIFC’s potential as a base for outsourcing and information services industries. It is worthy of note however that an adequacy declaration may be revised or revoked once the new European regime (set out in the draft General Data Protection Regulation issued on January 25, 2012) comes into force, meaning a declaration prior to the implementation of the new regime may only provide temporary respite.

Click here for the full text of the Strategic Plan.