AUTHOR: The folks at Scrut
New Feature

New framework: UAE Personal Data Protection Law (PDPL)


What's new?

Scrut now supports the UAE Personal Data Protection Law (PDPL) (Federal Decree-Law No. 45 of 2021) as part of our growing library of 70+ frameworks available right out of the box. This comprehensive federal legislation establishes data protection standards aligned with international benchmarks, such as the GDPR, and applies to any organization that processes the personal data of UAE residents.

Why it matters

Whether you're operating in the UAE or offering services to UAE residents globally, you must comply with strict requirements around consent, data transfers, breach notification, and data subject rights. Scrut helps you navigate this complex regulation efficiently and demonstrate compliance to stakeholders.

  • Extraterritorial Scope: The law applies to any Data Controller or Data Processor established outside the UAE that processes the personal data of data subjects residing in the UAE. This means companies globally that offer goods or services to UAE residents must comply.

  • Strict Processing Requirements: Processing of personal data is prohibited without the Data Subject's clear, explicit, and unambiguous consent, unless a specific legal basis or exception applies (e.g., contractual necessity, public interest). Controllers must be able to prove consent.

  • Restricted Cross-Border Transfers: Personal data transfers outside the UAE are restricted unless the destination country is deemed to have an adequate level of data protection, or appropriate safeguards (like specific agreements or the Data Subject's consent) are implemented.

  • Mandatory Breach Notification: Data Controllers must immediately notify the Bureau upon becoming aware of a personal data breach that may compromise the data subject’s privacy or confidentiality.

  • Significant Penalties: Non-compliance can result in substantial administrative fines ranging from AED 50,000 to AED 5,000,000, along with potential criminal liability for serious offenses like unauthorized data disclosure.

How it works

  • Access the UAE PDPL framework in the Frameworks module to view all requirements and obligations.

  • Review detailed breakdowns of PDPL requirements, including consent rules, lawful processing bases, and data retention limits.

  • Connect PDPL requirements to your internal policies, risk management processes, and technical documentation.

  • Assign control owners and track implementation status for each requirement.

  • Monitor your compliance progress through centralized dashboards.

  • Generate comprehensive readiness reports to share with internal teams and external auditors.

Need help?

Your Customer Success Manager (CSM) is always ready to help if you need assistance.