The new Data Protection Law, DIFC No. 5 of 2020 (the "DP Law"), became effective 1 July 2020 and replaces DIFC Law No.1 of 2007. Businesses caught by the legislation have a grace period of three months to bring their organisations into compliance with the new requirements.
The new DP Law has been aligned with data protection regimes elsewhere in the world such as the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act.
Adoption of international data privacy concepts means we're hopeful that such reform will see other territories recognising the DIFC as providing sufficient regulatory protection to allow data transfers in and out of the DIFC with relative ease.