The UAE Cabinet Office released Federal Decree-Law No. 45 of 2021 concerning “Personal Data Protection” on November 27, 2021, along with many other substantial legislative amendments, as part of an unprecedented legal reform programme in light of the UAE’s Golden Jubilee.

The UAE Federal Decree-Law No. 45 of 2021 concerning “Personal Data Protection” was issued in September 2021. The executive guidelines were planned to be prepared within six months (i.e., by March 2022), which will provide more specifics on the provisions of the law, assisting UAE firms in understanding their compliance obligations under the law. The law will go into effect on January 2, 2022, but businesses must adapt their operations to comply with the law by November 30, 2022, at the very least.

The PDP Law aligns the UAE’s Federal Law with global “best practice” data protection principles and is primarily based on crucial concepts like standard transparency and accountability. The law introduces data rights, data breach requirements, data protection impact assessments, data transfer requirements, and notification and record-keeping requirements. The amendments encompass more than forty laws, seeking to improve the legal framework in various areas, including investment, trade and industry, commercial companies, and copyright, among others, making them the most extensive legislative reform in the young nation’s fifty-year history.

Furthermore, the law has extra-territorial application and imposes obligations on both controllers and processors, although there are limited direct obligations imposed directly on processors. The data subject’s consent is required by law before processing can begin. However, it is subject to certain exemptions, such as where the processing is necessary to perform a contract to which the data subject is a party or where the processing is required to comply with the controller’s legal obligations.

The UAE Federal Decree-Law No. 44 of 2021, “Creation of the UAE Data Office,” was also issued in tandem with the Data Protection Laws in September 2021. This Data Office will act as the data protection regulatory authority, operationalising the law’s requirements.

To get the latest updates on various cyber-related events & other things, you can join our Whatsapp group ( /Telegram Channel (

By- Shubhangi Kumari Mishra

 (Content Writer, WCSF)

error: Content is protected !!
Share This