Since 2004 the DIFC has had an established data protection regime based on international best practice, ensuring the protection of personal information in the DIFC.

The revised Data Protection Law of 2007 (DIFC Law No. 1 of 2007) prescribes rules and regulations regarding the collection, handling, disclosure and use of personal data in the DIFC, the rights of individuals to whom the personal data relates and the power of the DIFC Authority in performing its duties in respect of matters related to the processing of personal data as well as the administration and application of the Law.

Businesses and in particular, banking and financial organizations, are increasingly processing and exchanging individual data electronically. The DIFC Data protection Law embodies international best practice standards, and is consistent with EU directives and OECD guidelines and is designed to balance the legitimate needs of businesses and organizations to process personal information while upholding an individual’s right to privacy.

To help persons and businesses operating in the DIFC maintain compliance with the Law, this site has been designed to provide a useful point of reference and guidance, as well as assist individuals who wish to find out more about the obligations and rights available to them under the Law.

Should you require further information, please contact: