You are here

Home United Arab Emirates

United Arab Emirates

Country:
United Arab Emirates
Survey Category:
The Cyber Crime Regulations - Landscape of the world - Countries
Survey Question:
2.1 Please specify the obligations regarding IT – Security according to 2 above, e.g. Security standards, obligations in case of data breach, etc.)?
Survey Answer:

Article 16 of DIFC Data Protection Law enumerates security measures to be undertaken while processing personal data. A data controller shall implement appropriate technical and organizational measures to protect personal data against willful, negligent, accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Such measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. The data controller shall choose a data processor who provides sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out, and shall ensure compliance with those measures. In the event of an unauthorized intrusion, either physical, electronic or otherwise, to any personal data database, the data controller or the data processor carrying out the data controller’s function at the time of the intrusion, shall inform the Commissioner of Data Protection appointed under the DIFC Data Protection Law.
Article 9 of the ADGM Data Protection Regulations provides that data controllers shall implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss or destruction of, or damage to, personal data. Such measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. A data controller is to appoint a data processor that provides sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out, and shall ensure compliance with those measures. In case of breach, whether physical, personal or otherwise, data processors will inform the data controller. The data controller will in turn inform the Registrar appointed under the ADGM Regulations.

Provided By:
Andrew Fawcett and Krishna Jhala, Al Tamimi & Company