In light of the global developments around data protection, specifically on the cross-border transfer of data, the Dubai International Financial Centre ('DIFC') seeks to provide enhanced tools to equip businesses and ensure compliance with both the DIFC, as well as international standards. Being a global business hub, the DIFC is home to international players that undertake both an inward and outward data flow, these businesses being at the crossroads of multiple jurisdictions when it comes to data compliance.

The DIFC has recently proposed updates to its data transfer guidance materials namely, the Standard Contractual Clauses ('SCCs'), the Ethical Data Management Risk Index ('EDMRI'), and the Data Export and Sharing Handbook ('DES Guide'). Dr. Laura Voda and Maquelin Pereira, from Fichte & Co Legal Consultants, provide an overview of the proposed updates and evaluates its impact in meeting the goals of the Data Protection Law, DIFC Law No.5 of 2020 ('the Law').

The Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data ('the Law') became effective on 2 January 2022, and it is the UAE's first federally applicable, General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') style data protection law. The Law follows key international data protection principles and best practices, such as those found within the GDPR, and marks a positive step towards greater data protection harmonisation with international standards that is a necessity in today's interconnected age, which is characterised by cross border data flows on an international level. In part two of this series on the Law, Andrew Fawcett and Darya Ghasemzadeh, from Al Tamimi & Company, discuss some of the data subject rights under the Law, as well as its provisions on the role of a data protection officer ('DPO') and cross-border data transfers.

The Dubai International Financial Centre ('DIFC') is a Financial Free Zone within the UAE, which itself is a Federation composed of seven Emirates. Being a Financial Free Zone means that UAE federal civil and commercial law does not apply, and the DIFC is able to create its own legal and regulatory framework for all civil and commercial matters. On 21 May 2020, the DIFC Data Protection Law No. 5 of 2020¹ ('the Law') was enacted in the DIFC and came into effect on 1 July 2020, in addition to the Data Protection Regulations 2020² ('the Regulations'), (collectively, 'DIFC Legislation'). Furthermore, the DIFC has published several guidance materials³ relevant to the implementation of DIFC Legislation. The Law introduces various requirements, notably bringing the DIFC into closer alignment with the EU's General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). The Law became enforceable from 1 October 2020.

The Dubai International Financial Centre ('DIFC') is a Financial Free Zone within the UAE, which itself is a Federation composed of seven Emirates. Being a Financial Free Zone means that UAE federal civil and commercial law does not apply, and the DIFC is able to create its own legal and regulatory framework for all civil and commercial matters. On 21 May 2020, the DIFC Data Protection Law No. 5 of 2020¹ ('the Law') was enacted in the DIFC and came into effect on 1 July 2020 in addition to the Data Protection Regulations 2020² ('the Regulations'), (collectively, 'DIFC Legislation'). In addition, the DIFC has published several guidance materials³ relevant to the implementation of DIFC Legislation. The Law introduces various requirements, notably bringing the DIFC into closer alignment with the EU's General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). The Law became enforceable from 1 October 2020.