The new DIFC Data Protection Law (“the DPL”) will come into force on 1st October 2020 and all DIFC firms will need to be compliant with its requirements by then. Many firms in the DIFC will require expert assistance to assess all the changes as they apply to their business, implement a project plan as well as engage the required business units.
Implementing the DPL adequately and maintaining compliance on an ongoing basis should be treated as a priority.
Failure to act or implement suitable measures may be punishable by the Commissioner with fines of up to $100,000 per breach.
The Commissioner also reserves the right to impose an additional unspecified fine for severe failures.
Data Protection Officer (“DPO”) or Data Protection Contact
All firms are required to register an individual as a contact with the DIFC Data Protection Commissioner. In addition, some firms may be required under the legislation to formally appoint a Data Protection Officer to ensure the firm complies with its legal responsibilities.
Data Processing Map
One of the key requirements when implementing the DPL is to create a data processing map. All firms are expected to consider the nature of data collected, how it is processed, where it is held, as well as whether it has been transferred to a jurisdiction outside of the DIFC. Firms will have difficulty in implementing the DPL until the data processing map has been completed.
Whilst the extent of the requirements may differ from firm to firm, the high-level checklist included in our recent Regulatory Insight article 'DIFC Data Protection Law - What you should do now' will help you get started.
What support is available to help your firm comply with the DPL?
Our team of consultants are able to provide your firm with support in the following ways:
Providing a project plan - fixed fee
You will be allocated up to 20 hours of consultancy time. We will create the project plan and walk you through it, advising you on the best way to implement the plan and answering any questions that you may have along the way. The project plan will focus on key policy and procedure requirements as well as considerations for each of the business functions including IT, legal and compliance and training. If you require further assistance following this process, we can provide this on an ad-hoc hourly basis at our standard rates.
Providing Ongoing Support: Outsourced Data Protection Officer – monthly retainer
On completion of the project plan or following your internal implementation of the DPL, you can engage our experienced consultants to act as your Data Protection Officer on an outsourced basis and be registered with the DIFC Data Protection Commissioner as your Data Protection Officer. You will be allocated up to 8 hours of support per month, with any hours provided above this charged at our standard hourly rate. Your consultant will ensure that your firm’s processes for complying with the new legislation are followed and that any changes to your firm’s systems or business model adequately take into account the requirements of the new legislation.
As the first consultancy firm to become established in the DIFC in 2006, we have experienced consultants who are able to guide you through the details of the DPL as well as the changes you will need to implement within your firm.
What should you do now?
With the deadline fast approaching, you need to take action now. If your firm needs guidance or support with implementing the new DIFC Data Protection Law, contact us now. For a PDF version of our DIFC DPL services click here.