The new ADGM Data Protection Regulations (“DPR”) are in force and all firms in the Abu Dhabi Global Market (“ADGM”) will need to be compliant with the requirements by the 11th February 2022 to continue processing personal data. Firms that were established after the in force date have until 11th of August 2021 to comply. Many firms in the ADGM will require expert assistance to assess the regulations that are applicable to their business, implement a project plan, as well as engage the required business units.
Failure to act or implement suitable measures may be punishable by the Commissioner of Data Protection with fines of up to $28 million.
What should your Firm be considering now?
Some of the initial questions you should be thinking about are:
- Under the new Data Protection Regulations, do you require a Data Protection Officer (“DPO”)?
- Is your Firm required to pay a Data Protection Fee?
- Are you aware of the steps you need to take in the event of a data breach?
- Do you have a Data Processing Map / Record of Processing Activities (“ROPA”)? And if not, do you know what information this should contain?
- How should you handle a Data Subject Access Request?
The amount of work required to implement new data protection regulations is often underestimated.
What support is available to help your firm comply with the ADGM DPR?
Providing a Health Check and a supporting Project Plan
We will assess your current data protection framework against the DPR requirements and provide you with a comprehensive report. Once the report is complete, we will create a bespoke implementation project plan. The project plan will focus on key policy and procedure requirements as well as considerations for each of the business functions including IT, legal, compliance, and training. We will offer advice on best practice and answer any questions that you may have on your implementation journey.
Providing Ongoing Support: Outsourced Data Protection Officer
On completion of the project plan or following your internal implementation of the DPR, you can engage our experienced consultants to act as your Data Protection Officer (“DPO”) on an outsourced basis and be registered with the ADGM Data Protection Commissioner as your DPO. Your consultant will oversee your firm’s processing activities ensuring compliance with the DPR as well as conducting biannual health checks including policy updates, where required. Your consultant can advise and support with Data Subject Access Requests where they occur.
We have helped firms in the UAE and the UK to implement new data protection regulations and ensure their ongoing compliance. Our experienced consultants are equipped to guide you through the details of the DPR as well as the specific changes you will need to implement within your firm.
What should you do now?
If you suspect that there may be a gap in your data protection framework, you need to take action now. If your Firm needs guidance or support with implementing the ADGM Data Protection Regulations, contact us now.