Key Details

Duration: 3 Hours
Delivery: Inhouse

Overview

The Dubai International Financial Centre (DIFC) introduced a new data protection law (the DPL) in 2020 – Data Protection Law No. 5 – applicable from 1st July 2020. Training on the new law is vital for staff at DIFC firms – not just for successful implementation but also to avoid...

The Dubai International Financial Centre (DIFC) introduced a new data protection law (the DPL) in 2020 – Data Protection Law No. 5 – applicable from 1st July 2020. Training on the new law is vital for staff at DIFC firms – not just for successful implementation but also to avoid the possibility of significant financial sanctions for breaches. Suitable for all staff, this course will sit perfectly within firms’ training programmes. It puts the DIFC Data Protection Law into context, highlighting its core requirements in a way that is sufficiently comprehensive to be suitable for all staff needing training on its purpose and impact.

The training course is made up the following subsections:

Introduction

  • The aim of the Law
  • Why it is necessary
  • Who it applies to
  • When it applies

General Requirements

  • The principles of the Law:
  • Lawful, fair and transparent processing
  • Purpose limitation
  • Data limitation
  • Data subject rights
  • Accuracy
  • Data retention period
  • Data security
  • Accountability

Lawful Processing (incl consent)

  • The main instances that provide organisations with the legal basis they require
  • What makes consent valid

Individual Rights

  • Right to be informed
  • Right of access
  • Right to rectify
  • Right of erasure
  • Right to data portability

Accountability

  • Privacy by design
  • Data protection impact assessments
  • The Data Protection Officer (DPO)
  • High risk processing activities

Breaches and notifications

  • Notification requirements of a personal data security breach

Data Transfers

  • Restriction on the transfer of personal data outside of the DIFC except in limited circumstances
  • The limited circumstances in which personal data may be transferred