About UAE PDPL (Personal Data Protection Law)

Like the GDPR, the UAE Law 45 on PDPL applies to process personal data by any data controller or processor located in the UAE who processes the personal data of data subjects residing or working within or outside the UAE. The law specifically encompasses the personal data of subjects living or working in the UAE.

Obligations for Organizations Under UAE’s PDPL

  • Lawful Basis of Processing
  • Consent Requirements
  • Privacy Notice Requirement
  • Security Requirements
  • Data Breach Requirements
  • Data Protection Officer Requirement
  • Data Protection Impact Assessment (DPIA)
  • Record of Processing Activities (RoPA)
  • Cross Border Data Transfer Requirements
  • Third-Party Processing Requirements

Data Subject Rights to be protected under PDPL

  • Right to access information
  • Right to request personal data portability
  • Right to rectification or erasure of personal data
  • Right to restriction of processing
  • Right to stop processing
  • Right of processing and automated processing

Is it Required for Your Company?

The PDPL applies to data controllers or processors located in the UAE who process the personal data of data subjects residing or working within or outside the UAE. It covers the personal data of individuals who live or work in the UAE.

The Data Office holds the authority to impose administrative sanctions for PDPL violations. However, the acts that violate the PDPL and the corresponding administrative sanctions have yet to be published.

What Is Required to be PDPL Compliant?

To ensure compliance with data privacy regulations, organizations must implement a set of policies, procedures, processes, and controls that are strictly adhered to. This may also entail changing IT applications, contracts with stakeholders, and website(s).

Having completed over 30 data privacy implementations in the past four years, Univate possesses the requisite experience and expertise to guide your organization through the implementation process and ensure compliance with regulatory audits.

 UAE PDPL (Personal Data Protection Law)

Contact Us

This field is for validation purposes and should be left unchanged.
  • Personal Data Protection Consultancy and Certification


    CMMI Consultancy and Appraisal Services


    Service Management and Excellency

    ISO 20000I ITILI ISO 10001I CMMI SVC

    Information and Data Security


    Governance Risk and Compliance

    SSAE 18 SOC 2 Type 1 , 2I COBITI ISO 31000I ISO 9001

    Cyber Security, Cloud Security Risk Mitigation

    CSA STARI ISO 27017I ISO 27018I Cloud Security Assessment Cyber Security AssessmentI Technical Security, VA PTI Cyber security Capability Maturity Model (C2M2)I CISO as a Service

    Business Continuity and Resilience

    ISO 22301I NCEMA

    Food Safety and Security

    ISO 22000I HACCP

    Audit and Assurance Services

    ISO 45001I ISO 14001I ISO 55001I ISO 56001I Statutory and Regulatory Compliance
  • Why Univate? How we stand out?

    Univate profoundly understands PDPL requirements across various industry segments and business lines. Our distinctive approach ensures that all aspects of an organization’s business components, including products, services, client-facing activities, internal operations, and cloud instances, comply with PDPL regulations. Our services include consultation, implementation support, and guaranteeing the implementation of all appropriate technical and organizational controls and safeguards as required by GDPR.

    We follow a comprehensive 3-phase approach for our engagements, starting with the Diagnose phase and concluding with the Assure phase. Each phase is arranged sequentially, with detailed activities and deliverables outlined in subsequent sections of this document.

     UAE PDPL (Personal Data Protection Law)

    Salient features of our engagement approach are:

    • Unique and Proven engagement approach
    • End-to-end documentation
    • Training on the model with comprehensive training materials and handholding
    • Complex client implementation experience in different countries
    • Cost arbitrage
    • Reduce management time required
    • Reduce the cost of sustenance
    • Our unique automation tool automates managing the system

    We provide Data Protection assessments, PDPL reviews and gap assessments to help companies adopt and implement the new PDPL regulations.

    Our assessment and implementation support methodology addresses critical areas like:

    • GAP analysis report with Remediation action with recommendations.
    • Practical Road Map for Design, rollout and Institutionalisation of recommended controls
    • Training, course materials and certificates for participants
    • Identified Roles and responsibilities wrt. PDPL compliance requirements.
    • conducting Data Protection Impact Assessment (DPIA),
    • Data Protection Policy, Procedure, Manual, Work instruction documentation
    • Recommendation of best practices for Data protection by design
    • Framework for Internal Audits and Audit Reports for PDPL, DPL & GDPR Compliance
    • DPO office roles and responsibility establishment
    • Support remediation of Governance controls and Recommendation and Oversight for all technical control implementation
    • Final assessment and ensuring formal closure of all GAPs, Action items and FINAL COMPLIANCE SCORE CARD Ratings
    • Management status report for PDPL, DPL & GDPR initiative.

    Benefits of being PDPL compliant:

    • Higher credibility and trust with business partners
    • Better understanding and management of personal data
    • Easier business process automation
    • Strong brand reputation
    • Minimize legal risks
    • Transparency with customers