Article 11-Roles of DPO | UAE Personal Data Protection Law

Article 1: Definitions

Article 2: Scope of Application of the Decree by Law

Article 3: Bureau's Power of Exemption

Article 4: Cases of Processing Personal Data without the Consent of its Owner

Article 5: Personal Data Processing Controls

Article 6: Terms of Consent to Data Processing

Article 7: The Controller's General Obligations

Article 8: The Processor's General Obligations

Article 9: Reporting Personal Data Breach

Article 10: Appointing Data Protection Officer

Article 11: Roles of Data Protection Officer

Article 12: Duties of the controller and the processor towards the Data Protection Officer

Article 13: Right to Receive Information

Article 14: Right to Request Transfer of Personal Data

Article 15: Right to correction or erasure of Personal Data

Article 16: Right to Restrict Processing

Article 17: Right to Stop Processing

Article 18: Right to Processing and Automated Processing

Article 19: Contacting the Controller

Article 20: Personal Data Security

Article 21: Assessment of the Impact of Personal Data Protection

Article 22: Cross-Border Transfer and Sharing of Personal Data for Processing Purposes if a Proper Protection Level is Available

Article 23: Cross-Border Transfer and Sharing of Personal Data for Processing Purposes if a Proper Protection Level is not Available

Article 24: Complaints

Article 25: Grievance against the Bureau's Decisions

Article 26: Administrative Penalties

Article 27: Authorization

Article 28: The Executive Regulation

Article 29: Regularisation

Article 30: Repeals

Article 31: Publication & Enforcement of this Decree by Law

Article 11

The Data Protection Officer shall ensure the extent of compliance of the Controller or the Processor with the application of provisions of this Decree by Law, its Executive Regulations and instructions issued by the Bureau. The Data Protection Officer shall, in particular,
undertake the following tasks and powers:
a. Verifying the quality and correctness of the procedures in place at the Controller and the Processor.
b. Receiving requests and complaints related to Personal Data in accordance with provisions of this Decree-Law and its Executive Regulations.
c. Providing technical advice on evaluation procedures and periodic examination of personal data protection systems and intrusion prevention systems at the Controller and Processor, documenting the results of such evaluation and providing appropriate recommendations in this regard, including risk assessment procedures.
d. Acting as a link between the Controller or the Processor, as the case may be, and the Bureau regarding the application of personal data processing provisions stipulated in this Decree by Law.
e. Any other tasks or powers which are determined in accordance with the Executive Regulations of this Decree by Law.
The Data Protection Officer shall maintain the confidentiality of information and data it receives in implementation of its duties and powers in accordance with provisions of this Decree by Law and its Executive Regulations and in accordance with the legislations in force in the State.