UAE PDPL: What IT Decision Makers Need to Know
The UAE Federal Personal Data Protection Law (PDPL) is fully in effect. Non-compliance exposes businesses to fines of up to AED 5 million.
Key IT Requirements
1. Data Inventory: Know where personal data is stored, who has access, and how long it is retained. Create a data map covering all databases, cloud services, CCTV systems, and email.
2. Technical Security Measures:
- Encryption at rest (BitLocker, Azure Disk Encryption)
- Encryption in transit (TLS 1.2+, HTTPS only)
- Access controls: only authorised staff can access personal data
- Logging and monitoring of access to personal data
3. Data Retention and Deletion: Define retention periods per data category. Automate deletion. CCTV footage must be deleted after the retention period.
4. Breach Notification: In the event of a data breach, notify the UAE Data Office within 72 hours if the breach is likely to cause harm. Have a documented incident response plan.
5. Cross-Border Data Transfers: Transferring UAE residents' data outside the UAE requires either that the destination is on an approved country list or that contractual safeguards are in place. Review all SaaS applications processing UAE personal data.
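The automated deletion in item 3 can run as a scheduled purge job. The script below is an added example, not code from the original page or from SAS IT. The category names, the retention periods and the one-folder-per-category layout are assumptions for illustration.

```python
import os
import tempfile
import time
from pathlib import Path

# Assumed retention periods in days per category (illustrative, not from the PDPL or this page).
RETENTION_DAYS = {"cctv": 30, "visitor_logs": 90, "hr_exports": 365}

def expired_files(root, retention_days, now=None):
    """Return files under root/<category>/ whose mtime is older than that category's retention."""
    now = time.time() if now is None else now
    expired = []
    for category, days in retention_days.items():
        cat_dir = Path(root) / category
        if not cat_dir.is_dir():
            continue
        cutoff = now - days * 86400
        for path in cat_dir.rglob("*"):
            if path.is_symlink() or not path.is_file():  # regular files only
                continue
            if path.stat().st_mtime < cutoff:
                expired.append(path)
    return sorted(expired)

def purge(root, retention_days, now=None, dry_run=True):
    """Delete expired files and return one audit record per file."""
    audit = []
    for path in expired_files(root, retention_days, now):
        category = path.relative_to(root).parts[0]
        if not dry_run:
            path.unlink()
        audit.append({"path": str(path), "category": category,
                      "action": "would_delete" if dry_run else "deleted"})
    return audit

def demo():
    """Build a constructed sample store (file ages in days) and purge it."""
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        samples = {"cctv/cam1_old.mp4": 45, "cctv/cam1_new.mp4": 2,
                   "visitor_logs/jan.csv": 120, "hr_exports/staff.xlsx": 10}
        for rel, age_days in samples.items():
            p = Path(root) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed sample")
            os.utime(p, (now - age_days * 86400,) * 2)
        audit = purge(root, RETENTION_DAYS, now=now, dry_run=False)
        remaining = sorted(p.relative_to(root).as_posix() for p in Path(root).rglob("*") if p.is_file())
        return [Path(a["path"]).name for a in audit], remaining
```

Run it with `dry_run=True` first and keep the returned audit records with the access logs from item 2. Database rows and backups need their own retention jobs.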
PDPL IT Compliance Checklist
| Requirement | Status |
|---|---|
| Data inventory completed | Yes / No |
| Encryption at rest on servers | Yes / No |
| TLS enabled on all web applications | Yes / No |
| Access controls on personal data | Yes / No |
| Retention policy documented | Yes / No |
| Breach notification process defined | Yes / No |
| Cloud providers reviewed for data residency | Yes / No |
SAS IT helps Dubai businesses achieve PDPL IT compliance. Free compliance review | +971-526716178
