Download the PDF here.

Download the comparative guide above.

Abu Dhabi Global Market (“ADGM”) announced on 14 February 2021 that it has enacted the Data Protection Regulations 2021 (the “ADGM DP Regulations”), which will replace the current ADGM Data Protection Regulations 2015. The latter will be repealed, allowing for the ADGM DP Regulations to become enforceable in accordance with the following timeline:

  • in respect of existing establishments in ADGM, following a 12-month transition period, namely on 14 February 2022; or
  • in respect of new establishments that are registered in ADGM, following a 6-month transition period on or after 14 February 2021, namely on 14 August 2021.

The purpose of the ADGM DP Regulations is to align the ADGM’s legal framework for the processing of personal data with the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”), the latter being regarded as the leading international standard and best practice in data protection legislation. It is to be noted that the newly established independent ADGM Office of Data Protection, headed by a commissioner, is currently revising and updating its guidance in line with the ADGM DP Regulations.

In July 2020, Dubai International Financial Centre (“DIFC”) paved the way by adopting its most recent DIFC Data Protection Law No. 5 of 2020 (the “DIFC DP Law”) in a similar effort to adapt its data protection legal framework with the GDPR. The DIFC DP Law became fully enforceable after a 3-month transition period, i.e. on 1 October 2020.

While both the DIFC DP Law and the ADGM DP Regulations pursue analogous objectives, the table in this comparative legal analysis aims to underline some of their key features in a comparative manner. Please note that DIFC and ADGM have each appointed a commissioner as the supervisory authority in relation to data protection matters (a “Commissioner”).

DIFC DP Law (Concept of personal data):

Personal data means information referring to an identified or identifiable natural person; the latter being a natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his biological, physical, biometric, physiological ,mental, genetic, economic, cultural or social identity.

ADGM DP Regulations (Concept of personal data):

Personal data means any information relating to a data subject; the latter being an identified or identifiable living natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic ,mental, economic, cultural or social identity of that natural person.

Romain Rolland
Romain Rolland
Associate