The ADGM Data Protection Regulations 2021
The new ADGM Data Protection Regulations (“DPR”) are now in force and all organisations in the Abu Dhabi Global Market (“ADGM”) must be compliant with the requirements in order to continue processing personal data.
Failure to act or implement suitable measures may be punishable by the Commissioner of Data Protection with fines of up to $28 million.
The amount of work required to implement new data protection regulations is often underestimated. Some initial questions that you should be considering are set out below:
- Under the new Data Protection Regulations, do you require a Data Protection Officer (“DPO”)?
- In the event of a data breach, are you aware of the next steps?
- Do you have a data processing map or Record of Processing Activities (“ROPA”)? If not, do you know what information this should contain?
- How should you handle a Data Subject Access Request?
Our high-level ADGM Data Protection Regulation checklist is available to download here.
How can we help you to comply with the ADGM DPR?
Providing a health check and a supporting project plan
We will assess your current data protection framework against the DPR requirements and provide you with a comprehensive report. Once the report is complete, we will create a bespoke implementation project plan. The project plan will focus on key policy and procedure requirements as well as considerations for each of the business functions including IT, legal, compliance, and training. We will offer advice on best practice and answer any questions that you may have on your implementation journey.
Providing ongoing support: Outsourced Data Protection Officer
On completion of the project plan or following your internal implementation of the DPR, you can engage our experienced consultants to act as your Data Protection Officer (“DPO”) on an outsourced basis and be registered with the ADGM Data Protection Commissioner as your DPO. Your consultant will oversee your processing activities to ensure compliance with the DPR as well as conducting biannual health checks including policy updates, where required. Your consultant can advise and support with Data Subject Access Requests where they occur.
If you suspect that there may be a gap in your data protection framework you must act immediately. If you require guidance or support with implementing the ADGM Data Protection Regulations, please contact us.