The PDPL is an all-inclusive legal framework that aims to protect personal data, hold parties accountable, and regulate its processing in the UAE as well as externally.

The law extends to entities conducting activities in the UAE or processing the data of UAE residents, including foreign institutions. Some, for example government bodies, are exempt.

People have the right to access, correct, delete, and restrict the processing of their personal data, among other things.

Organizations must ensure data security, appoint Data Protection Officers (DPOs) where applicable, and comply with data processing and transfer regulations.

Data can be transferred abroad only if adequate protection levels are ensured, or appropriate safeguards are in place.

The breaches could lead to administrative fines and other legal consequences which the UAE Data Office determines.

Personal information that would be biometric or health-related may need higher level protection or more strict conditions governing its handling.

Certain provisions are exempt from small entities depending on the volume of data that is processed according to the UAE Data Office.

The UAE Data Office looks after compliance, handles complaints, and issues guidelines on the practices of data protection.

All breaches should be notified to the UAE Data Office and individuals concerned without delay, indicating the type of breach and remedial action.