Firms get a 3-month window as DPL comes into force on July 1

Businesses will get an implementation window of three months to prepare and review their data protection protocols as the landmark Data Protection Law (DPL) comes into force at the Dubai International Financial Centre from tomorrow.
Organisations operating at the DIFC and beyond have three months as of July 1 to consider how they will address the requirements of the DPL 2020, said Johnny Karam, regional vice president, Emerging Region at Veritas Technologies.
"The next three months should represent an evolutionary process; but they also represent a significant opportunity for businesses to get ahead of the curve and take control of their data," he said.
The new DIFC law, featuring enhancements related to global data, positions the region as a top-tier jurisdiction for data protection, complementing the digital transformation across the region.
"It is another example of how key governing bodies like the DIFC, as well as the UAE government, are committed to upholding global best practices in data protection and regulations," said Karam.
General fines have been introduced for serious breaches of the law, in addition to or instead of administrative fines.
The DPL combines the best practices from a variety of current, world-class data protection laws, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act and other forward-thinking, technology agnostic concepts.
According to Dino Wilkinson, partner, and Ben Gibson, senior associate of Clyde& Co, full compliance will require more than just a paper-based approach and should involve methodical assessment, planning, and implementation. "If you have updated your data procedures and policies in line with the GDPR, then you should already be compliant with key aspects of DPL 2020; however, you should still consider how your DIFC operations are conducted and whether there any specific features of the DPL 2020 that need close attention," they said.   
"Organisations are rightly seen as the trusted custodians of data, but what happens when those same organisations don't even know what data they have, let alone where it resides and how to treat it. Such is the problem created by dark data - data that has is unstructured, unclassified and sometimes even unrecognized," said Karam.
"UAE businesses surveyed were not managing their data as effectively as they should. As much as 88 per cent of the data stored by organisations is either dark or Redundant, Outdated and Trivial (ROT) data, added Karam. 
issacjohn@khaleejtimes.com