DIFC engages with UK dept for data protection law

Dubai - Adequacy recognition of DIFC’s Data Protection Law would mean that it is fair and effective enough to protect UK-originating data being processed by entities.

Dubai International Financial Centre (DIFC ), the leading international financial hub in the Middle East, Africa and South Asia (MEASA) region, has formally engaged with the UK’s Department for Digital, Culture, Media and Sport Department (DCMS) regarding the Data Protection Law, DIFC Law No. 5 of 2020 (DP Law 2020).

The collaboration between DIFC and DCMS comes part of the UK’s overall approach to international data transfers, including establishment of an International Data Transfers Experts Council in addition to the aforementioned assessments of DIFC and five other top priority jurisdictions.

This process is to determine whether DP Law 2020 is substantially equivalent to the UK General Data Protection Regulation and UK Data Protection Act of 2018 (UK DPA). Adequacy recognition of DIFC’s Data Protection Law would mean that it is fair and effective enough to protect UK-originating data being processed by entities in the Centre.

Recognition would reinforce data flows between the jurisdictions, help build better trade relationships and promote high standards of accountability and transparency in businesses that deal with DIFC entities.

Arif Amiri, CEO of DIFC Authority, said: “At DIFC we are committed to implementing best-in-class regulations and standards across all of our business functions, to ensure the provision of integrated financial services commensurate with the needs of our partners. Data protection and the preservation of privacy are key factors that impact the work done by companies working in the DIFC, therefore we are pleased to cooperate with the UK Digital, Culture, Media and Sport Department with the aim of securing adequacy recognition by the UK and reinforcing DIFC’s alignment with international standards. This step would further highlight how DIFC’s practical and effective legal infrastructure serves as a model for data protection in the region and contribute to the consolidation of DIFC’s position as one of the leading financial centres in the world.”

DP Law 2020

DIFC’s DP Law 2020 is the updated version of the longest-standing data protection law in the GCC region. The first law was enacted in 2004 and amended in 2007. Based on UK, EU and global data protection principles and best practices, the DP Law 2020 sets out expectations for Controllers and Processors in DIFC regarding several key privacy and security principles. It combines the best practices from a variety of current, world class data protection laws and balances other forward-thinking, technology agnostic concepts with robust protections for individuals’ privacy rights. Safeguards for transferring data from DIFC to other jurisdictions with no or dissimilar data protection laws creates risk to privacy rights and therefore requires either recognition of the law in a jurisdiction as equivalent or “adequate”.

DCMS Assessment and Decision

The UK has the power to recognise other laws under its own national data protection law. Through DCMS’s rigorous review process of DIFC data flows and the unique legal and regulatory framework of DIFC as a free zone, the Centre hopes the DP Law 2020 will be awarded recognition that it is compatible enough with the UK DPA. DCMS’s final decision will be made in due course, after the full, robust assessment process is complete and provided DIFC delivers sufficient evidence of the required elements.

— business@khaleejtimes.com