AMLEGALSDPDPAVibe Data Privacy
← GCC Regulatory Hub

UAE
Innovation.

Federal Decree-Law No. 45/2021. The UAE's sophisticated dual-track regulatory framework for data protection.

Dual-Track
Framework
Federal + Free Zones
AED 10M
Max Fine
Per Violation
GDPR-Aligned
DIFC/ADGM
Common Law Zones
Ministry
Regulator
UAE Data Office
Regulatory Architecture

Tri-Jurisdictional Framework

Federal (Onshore)

Federal Decree-Law No. 45/2021
Regulator

UAE Data Office

Scope

Applies to all entities in mainland UAE

DIFC

DIFC Law No. 5 of 2020
Regulator

Commissioner of Data Protection

Scope

Dubai International Financial Centre - common law jurisdiction

ADGM

Data Protection Regulations 2021
Regulator

ADGM Registration Authority

Scope

Abu Dhabi Global Market - common law jurisdiction

Federal Decree-Law 45/2021

Core Principles

The Federal data protection law establishes baseline requirements for all onshore UAE entities, drawing from international standards while accommodating local business practices.

Key Distinction

Unlike GDPR, UAE Federal Law does not require explicit consent for all processing. Legitimate business interests and contractual necessity provide broader legal bases.

Lawfulness & Transparency

Processing must be lawful with clear disclosure to data subjects

Purpose Limitation

Data processed only for specified legitimate purposes

Data Minimization

Collection limited to what is necessary

Accuracy

Personal data must be accurate and updated

Storage Limitation

Retained only as long as necessary

Security

Appropriate measures to protect personal data

Dubai

DIFC Data Protection Law

DIFC Law No. 5 of 2020 provides a comprehensive GDPR-aligned framework for entities operating within the Dubai International Financial Centre.

  • Commissioner of Data Protection
  • GDPR-equivalent protections
  • Common law jurisdiction
  • Independent enforcement
Abu Dhabi

ADGM Data Protection

The Abu Dhabi Global Market Data Protection Regulations 2021 mirror GDPR provisions, offering familiar compliance pathways for international businesses.

  • GDPR-style regulations
  • Registration Authority oversight
  • Adequacy recognition potential
  • Cross-border transfer mechanisms
International Transfers

Cross-Border Framework

UAE Federal Law requires adequate protection for international transfers. DIFC and ADGM recognize EU adequacy decisions and GDPR-aligned transfer mechanisms.

Adequacy (Federal)

Transfers to approved jurisdictions

SCCs (DIFC/ADGM)

Standard contractual clauses available

Consent

Explicit consent for transfers

Contractual Necessity

Required for contract performance

UAE-India Data Bridge

Our Dubai hub provides expert guidance on navigating the UAE's tri-jurisdictional framework for India-bound data flows.

Get in Touch