About UAE PDPL (Personal Data Protection Law)
Like the GDPR, the UAE Law 45 on PDPL applies to the processing of personal data by any data controller or processor located in the UAE that processes the personal data of data subjects residing or working within or outside the UAE. The law specifically encompasses the personal data of subjects living or working in the UAE.
Obligations for Organizations Under UAE’s PDPL
- Lawful Basis of Processing
- Consent Requirements
- Privacy Notice Requirement
- Security Requirements
- Data Breach Requirements
- Data Protection Officer Requirement
- Data Protection Impact Assessment (DPIA)
- Record of Processing Activities (RoPA)
- Cross Border Data Transfer Requirements
- Third-Party Processing Requirements
Data Subject Rights to be protected under PDPL
- Right to access information
- Right to request personal data portability
- Right to rectification or erasure of personal data
- Right to restriction of processing
- Right to stop processing
- Right of processing and automated processing
Is it Required for Your Company?
The PDPL applies to data controllers or processors located in the UAE who process the personal data of data subjects residing or working within or outside the UAE. It covers the personal data of individuals who live or work in the UAE.
The Data Office holds the authority to impose administrative sanctions for PDPL violations. However, the acts that violate the PDPL and the corresponding administrative sanctions have yet to be published.
What Is Required to be PDPL Compliant?
To ensure compliance with data privacy regulations, organizations must implement a set of policies, procedures, processes, and controls that are strictly adhered to. This may also entail changing IT applications, contracts with stakeholders, and website(s).
Having completed over 30 data privacy implementations in the past four years, Univate possesses the requisite experience and expertise to guide your organization through the implementation process and ensure compliance with regulatory audits.
Why Univate? How do we stand out?
Univate profoundly understands PDPL requirements across various industry segments and business lines. Our distinctive approach ensures that all aspects of an organization’s business components, including products, services, client-facing activities, internal operations, and cloud instances, comply with PDPL regulations. Our services include consultation, implementation support, and guaranteeing the implementation of all appropriate technical and organizational controls and safeguards as required by GDPR.
We follow a comprehensive 3-phase approach for our engagements, starting with the Diagnose phase and concluding with the Assure phase. Each phase is arranged sequentially, with detailed activities and deliverables outlined in subsequent sections of this document.
Salient features of our engagement approach are:
- Unique and Proven engagement approach
- End-to-end documentation
- Training on the model with comprehensive training materials and handholding
- Complex client implementation experience in different countries
- Cost arbitrage
- Reduce management time required
- Reduce the cost of sustenance
- Our unique automation tool automates managing the system
We provide Data Protection assessments, PDPL reviews and gap assessments to help companies adopt and implement the new PDPL regulations.
Our assessment and implementation support methodology addresses critical areas like:
- Gap analysis report with remediation actions and recommendations
- Practical Road Map for Design, rollout and Institutionalisation of recommended controls
- Training, course materials and certificates for participants
- Identified roles and responsibilities with respect to PDPL compliance requirements
- Conducting Data Protection Impact Assessments (DPIA)
- Data Protection Policy, Procedure, Manual, Work instruction documentation
- Recommendation of best practices for Data protection by design
- Framework for Internal Audits and Audit Reports for PDPL, DPL & GDPR Compliance
- DPO office roles and responsibility establishment
- Support remediation of Governance controls and Recommendation and Oversight for all technical control implementation
- Final assessment and formal closure of all gaps and action items, with final compliance scorecard ratings
- Management status report for PDPL, DPL & GDPR initiative.
Benefits of being PDPL compliant:
- Higher credibility and trust with business partners
- Better understanding and management of personal data
- Easier business process automation
- Strong brand reputation
- Minimize legal risks
- Transparency with customers