ADGM commences public consultation on proposed new Data Protection Regulations

December 2020

ADGM that it has published a public consultation paper on its proposed new Data Protection Regulations, which will substitute the Data Protection Regulations 2015.

Global attention has been drawn towards enhancements in data protection regulations, with many jurisdictions making reference to the European Union’s General Data Protection Regulation (GDPR), implemented in 2018, regarding the protection of natural persons concerning the processing of personal data. This trend reflects both a recognition of the importance of personal data rights, as well as a compulsion to remain privy to the ongoing developments of an increasingly digital economy.

ADGM believes the GDPR, together with other related initiatives, are the appropriate best practice benchmarks for robust data protection legislation and have used these as a reference for the proposed new Data Protection Regulations. The new framework is adapted to ADGM’s needs and is intended to be proportionate and business-friendly, while solidifying the IFC’s key ambition of achieving a high standard of personal data protection.

An important feature of the new data protection regime is the proposal to establish an independent Office of Data Protection, headed by a Commissioner of Data Protection, and empowered to monitor compliance with the framework and ensure appropriate enforcement in cases of non-compliance.

Dhaher Bin Dhaher Al Mheiri, CEO of the ADGM Registration Authority, said, “These new stand-alone Data Protection Regulations provide a robust and internationally recognised legislative framework that protects personal data, while also remaining balanced and business-friendly. The Regulations reinforce ADGM’s commitment to regulatory best practice and provide consistency with other international data protection regimes to assist both multi-national companies and start-ups looking to scale internationally to thrive when operating in ADGM.”

ADGM recognises that the adoption of the new Regulations will result in significant changes and additional responsibilities for Data Controllers and Data Processors. Accordingly, a transition period of 12 months has been proposed for current establishments, and 6 months for new establishments, from the date of enactment.