The ADGM Data Protection Regulations 2021 - Waystone

      The ADGM Data Protection Regulations 2021

      The new ADGM Data Protection Regulations (“DPR”) are now in force and all organisations in the Abu Dhabi Global Market (“ADGM”) must be compliant with the requirements in order to continue processing personal data.

      Failure to act or implement suitable measures may be punishable by the Commissioner of Data Protection with fines of up to $28 million.

      Key considerations

      The amount of work required to implement new data protection regulations is often underestimated. Some initial questions that you should be considering are set out below:

      • Under the new Data Protection Regulations, do you require a Data Protection Officer (“DPO”)?
      • In the event of a data breach, are you aware of the next steps?
      • Do you have a data processing map or Record of Processing Activities (“ROPA”)? If not, do you know what information this should contain?
      • How should you handle a Data Subject Access Request?

      How can we help you to comply with the ADGM DPR?

      Providing a health check and a supporting project plan

      We will assess your current data protection framework against the DPR requirements and provide you with a comprehensive report. Once the report is complete, we will create a bespoke implementation project plan. The project plan will focus on key policy and procedure requirements as well as considerations for each of the business functions including IT, legal, compliance, and training. We will offer advice on best practice and answer any questions that you may have on your implementation journey.

      Providing ongoing support: Outsourced Data Protection Officer

      On completion of the project plan or following your internal implementation of the DPR, you can engage our experienced consultants to act as your Data Protection Officer (“DPO”) on an outsourced basis and be registered with the ADGM Data Protection Commissioner as your DPO. Your consultant will oversee your processing activities to ensure compliance with the DPR as well as conducting biannual health checks including policy updates, where required. Your consultant can advise and support with Data Subject Access Requests where they occur.

      If you suspect that there may be a gap in your data protection framework you must act immediately.  If you require guidance or support with implementing the ADGM Data Protection Regulations, please contact us.

      ADGM Data Protection Regulation

      Our high-level ADGM Data Protection Regulation checklist is available to download here.

      UAE Data Protection Comparison

      Our comparison document helps to simplify each UAE Regime & provides a comparison to assist in developing a suitable personal data protection framework.

      Get in touch

      Call us

      Select phone
      • Bermuda (Bermuda)
      • Canada (Canada)
      • Cayman Islands (Cayman Islands)
      • Hong Kong (Hong Kong)
      • India (India)
      • Ireland (Dublin Headquarters)
      • Ireland (Cashel location)
      • Ireland (Maynooth)
      • Luxembourg (Waystone Luxembourg)
      • Luxembourg ()
      • Philippines (Philippines)
      • Singapore (Singapore)
      • Switzerland (Switzerland)
      • United Arab Emirates (Dubai)
      • United Arab Emirates (Abu Dhabi)
      • United Kingdom (London)
      • United Kingdom (Belfast)
      • United Kingdom (Leeds)
      • United Kingdom (Exeter)
      • United States (New York)
      • United States (San Francisco)
      • United States (Chicago)
      • United States (New Jersey)