Strengthening data privacy and protection in DIFC

Over the past few years, the United Arab Emirates (UAE) has made meaningful progress in strengthening its data protection landscape. This includes the introduction of national-level Personal Data Protection Law (PDPL) and the establishment of data privacy and protection regulations within key financial free zones such as the Dubai International Financial Centre (DIFC) and Abu Dhabi’s International Financial Centre (ADGM).

As part of this continued development, the DIFC has updated its Data Protection Law No. 5 of 2020 to reflect emerging global practices and address practical challenges faced by businesses. The latest set of amendments, introduced through Amendment Law No. 1 of 2025 and effective from 15 July 2025, bring enhancements across several areas including individual rights, crossborder processing, regulatory scope, and compliance obligations. These updates aim to provide greater clarity, reinforce accountability, and ensure that the DIFC continues to offer a robust and future-ready data protection framework for organizations operating within its jurisdiction.

Since its enactment in 2020, the DIFC Data Protection Law has played an important role in shaping data protection practices in the region. It draws from international standards such as the EU-GDPR and aims to promote strong privacy principles. In recent years, the DIFC has continued to strengthen its position as a leading center for data protection, with the commissioner’s office encouraging greater adoption of privacy practices, transparency, and accountability across the business community.

The latest set of amendments, developed through a public consultation earlier this year, reflects the DIFC’s efforts to keep pace with evolving business needs and global developments. These changes address practical challenges related to the use of artificial intelligence, international data transfers, and individual rights, providing further clarity for organizations working with personal data.