Are You an ADGM Data Protection Regulations Compliant Organization?
Abu Dhabi Global Market (ADGM) is an international financial center that enables global best practices in UAE. They issued on 11 February 2021 a new data protection regulation. The Independent Office of Data Protection is established due to ADGM’s new regulations enactment. This blog will provide key highlights of the suite of guides and documents issued by the authority.
Overview of the New Data Protection Regulations 2021
New policies have been majorly changed and ensure better data safety although it shares some similarities with the previous regulations, such as Registration Obligation with the Office of Data Protection. Also, notification obligations to the Office of Data Protection and Data Transfer Requirements and Permits are similar.
The new regulations require entities
- To maintain a Record of Processing Activities
- To appoint a Data Protection Officer
- Comply with the Data Protection Principles
- Conduct Data Protection Impact Assessments on high-risk processing activities.
- Data Breach Notifications to Data Subjects in some instances
- Implementing Data Processing Agreements with Data Processors.
There was no specific policy regarding the penalty in the earlier framework, whereas the new data protection framework states a maximum liability of 28 million USD for administrative breaches. In case of serious violations, ADGM prevails the right to increase the penalty amount.
Key Highlights of Guidance
To ensure the compliance and understanding of the Data Protection Regulations 2021, the Office of Data Protection (ODP) of Abu Dhabi Global Market (ADGM), the international financial center, has released guidelines that cover the following critical areas of new regulations:
- It contains an overview section that introduces the overall new regulation’s features, definitions, and the territorial scope of guidelines.
- It contains an individual rights section that provides briefings about how an individual’s rights will be protected. It also includes the roles and responsibilities of ADGM entities.
- The obligation on data controllerand processors part requires companies to follow practices related to the data protection of their stakeholders. The entities must adhere to data protection by design and default, impact assessments, and uncertainties followed by agreements in processors.
- It has a section namedinternational transfers that provide a set of regulations and implementation of provisions while transferring personal data outside of the purview of ADGM.
Applicability and Scope
The new Regulations apply to organizations processing personal data or processing in the context of the activities of an establishment in the ADGM. Personal Data is defined broadly in the new Regulations and covers any information identifying a living person.
It is also applicable for new entities incorporated on or after 14 February 2021, whereas the new Regulations have come into effect on 14 August 2021.
Exempted Persons
The new Data Protection Regulations exempt micro-businesses with five or fewer employees unless the company undertakes high-risk processing activities. Micro-businesses need to identify how the regulation applies to specific circumstances and processing activities.
Final Thoughts
You should have a basic understanding of what are the requirements of the regulations so that you can make your organization the data protection regulations compliant. It is also advisable to consult a professional to avoid any mistakes and non-compliance.
How Can We Help?
We have a dedicated team of experts who can guide you on legal compliance matters, the company registration process, while also taking care of your accounting, auditing, taxation, and PRO requirements.
Register your free consultationwith us to know more about the extended services we offer.
