On 25 July 2021, Abu Dhabi Global Market (“ADGM”) issued new rules supplementing the Data Protection Regulations 2021 (the “ADGM DP Regulations”) previously adopted at the beginning of the year, namely:
- Data Protection Regulations (Fees) Rules 2021 (the “Fees Rules”); and
- Data Protection Regulations (Fines) Rules 2021 (the “Fines Rules”).
In line with the transition periods provided by the ADGM DP Regulations, both the Fees Rules and the Fines Rules apply:
- from 14 August 2021, to entities registered on or after 14 February 2021 – currently applicable; and
- from 14 February 2022, to entities registered before 14 February 2021.
In accordance with Article 24 of the ADGM DP Regulations, the Data Protection Fee to be paid by the controller prior to the commencement of its processing activities as well as the renewal fee to be paid by the same on every anniversary of its processing activities have been set at USD 300 in the Fees Rules.
Furthermore, Article 56 of the ADGM DP Regulations sets out that a fine may be imposed by the Commissioner where the Controller fails to pay the data protection fee or the renewal fee. Such failures will respectively be subject to fines of up to USD 750 and USD 250.
More recently, the ADGM Office for Data Protection published its Data Protection Guidance 2021, an 8-part series aiming at assisting businesses to better understand and comply with their obligations under the ADGM DP Regulations, and focusing on the following topics:
- key concepts, terms, scope, principles of processing and lawful bases for processing personal data;
- data subject rights and controllers’ obligations regarding individual rights requests;
- data protection by design an default, fees, recording of processing activities (“RoPA”), requirement of data protection officer and processors’ obligations.
- data protection impact assessment (“DPIA”);
- security of processing, cessation of processing and management of personal data breaches;
- international transfers of person data;
- code of conduct mechanism; and
- individual rights and remedies.
It is worth noting that, in addition to the above, a number of template documentation has also been made available by the Office for Data Protection, including:
- template appropriate policy document (Article 7 of the ADGM DP Regulations);
- sets of standard contractual clauses for the purpose of lawfully transferring personal data out of ADGM (Article 42 of the ADGM DP Regulations) and ensuring that the contractual obligation binding processors fulfil certain requirements (Article 26 of the ADGM DP Regulations);
- template RoPA (Article 28 of the ADGM DP Regulations); and
- template DPIA (Article 34 of the ADGM DP Regulations).
Our Experience
lecocqassociate provides a full range of financial regulatory, corporate and commercial advice in relation to the structuring and incorporation of entities. The group is gaining a reputation for outstanding service in the areas of data protection and online reputation management, as well as cyber security.
This article is for information purposes only. It does not constitute professional advice or an opinion. Please contact us at info@lecocqassociate.com for any questions.