March 11, 2021

NEW DATA PROTECTION REGIME IN ADGM AND COMPARISON WITH DIFC

Photo by Nick Fewings on Unsplash

NEW DATA PROTECTION REGIME IN ADGM AND COMPARISON WITH DIFC

Abu Dhabi Global Market (“ADGM”) announced on 14 February 2021 that it has enacted the Data Protection Regulations 2021 (the “ADGM DP Regulations”), which will replace the current ADGM Data Protection Regulations 2015. The latter will be repealed, allowing for the ADGM DP Regulations to become enforceable in accordance with the following timeline:

  • in respect of existing establishments in ADGM, following a 12-month transition period, namely on 14 February 2022; or
  • in respect of new establishments that are registered in ADGM, following a 6-month transition period on or after 14 February 2021, namely on 14 August 2021.

The purpose of the ADGM DP Regulations is to align the ADGM’s legal framework for the processing of personal data with the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”), the latter being regarded as the leading international standard and best practice in data protection legislation. It is to be noted that the newly established independent ADGM Office of Data Protection, headed by a commissioner, is currently revising and updating its guidance in line with the ADGM DP Regulations.

In July 2020, Dubai International Financial Centre (“DIFC”) paved the way by adopting its most recent DIFC Data Protection Law No. 5 of 2020 (the “DIFC DP Law”) in a similar effort to adapt its data protection legal framework with the GDPR. The DIFC DP Law became fully enforceable after a 3-month transition period, i.e. on 1 October 2020.

While both the DIFC DP Law and the ADGM DP Regulations pursue analogous objectives, the table in this comparative legal analysis aims to underline some of their key features in a comparative manner. Please note that DIFC and ADGM have each appointed a commissioner as the supervisory authority in relation to data protection matters (a “Commissioner”).

DOWNLOAD FULL ARTICLE HERE

Author:

Romain Rolland