+44 01509 974112 info@mpilearning.com
Select Page

2022 UAE Data Protection Law. Steps to success.

MPI Learning Blog

Professional Leadership Book by MPI Learning, available on amazon.co.uk

Professional Leadership, a Leadership book for 2023 and beyond.

International leadership experts share their proven world-class expertise and thinking on how to lead cultural transformation to enhance business outcomes.

UAE Data Protection Law


A new range of legal reforms has recently been introduced to the UAE. Namely the UAE federal Decree-law No 45 regarding Personal Data Protection.

The EU went through similar changes back in 2018 with the implementation of “GDPR” and if any lessons can be learnt from that, this is something that requires careful planning and preparation to avoid any issues, challenges or potential fines come the day they go live.

I have taken the opportunity to highlight some of the items that all companies will need to consider when working their way through the list of requirements that need to be completed ahead of deadline day come November 2022.

The aim of the law is to ensure that all data is kept safe, secure and held in a transparent and accurate manner.

Data Subjects – you the customer now will have much greater control and say in how your data is managed, and shared.

There must be specific reasons why your data is held and for what purpose and for how long.

Listed below are some tips/suggestions to help Companies in their planning for this Legal Degree.

Not exhaustive by any means however will start you thinking that this is something that requires a lot of thought and careful and strategic planning to ensure success and preparedness come live day.

UAE Data Protection Law

DPIA – Data Protection Impact Assessment

This will be required to commence any workstream ahead of any project. The aim of the DPIA is to perform a health check against current state v desired state in terms of what you need to complete to be compliant.

DPO – Data Protection Officer

A new and vital role going forwards this or these people will ensure strict compliance with the laws and will be a point of contact for the company with the Supervisory Authority.

These people can be an existing employee, or this can be outsourced to a third party. Reporting line must be to the senior levels within the organisation and the roles impartiality is paramount.

The recruitment for this role will be a clear signal to the regulator that you are giving data Protection the level of focus that is required.


This will require the highest levels of support from the Board, cascading throughout the organisation
A working group will need to be established to cover Personal data audits, Gap Analysis, Project management parameters, and to ensure all key stakeholders are ready for the cultural change that is coming.


There are various programmes that will benefit companies as early in the process as possible.

Training for all staff is a must from awareness of what is required to more specific and technical areas such as the DPO role and Processing and controlling functions that will be required.

Add this to your HR budgets for 2022 now. Training will become an ongoing part of your training budgets going forwards.


The Protection law also expects you to have clear governance about how you manage data to outside countries. Therefore, if your organisation manages clients multi country this will need to be evidenced just as it will be for UAE residents.


The timelines are incredibly tight when all that is required is considered.

With further changes will come later this year with regards to possible enforcement actions for non-compliance there is no time to waste in starting the work.

The EU legislation imposed heavy fines for non-compliance and we must assume that similar penalties may come into effect in the UAE, this is to be confirmed around March /April time.

For more information on the support we provide around Data Protection click here.

More news from MPI Learning

MPI Learning and Vinsys strike a strategic partnership in 2023
The partnership will combine Vinsys’ expertise in delivering high-quality, technology-based training solutions with MPI’s reputation for delivering innovative, research-based professional development programs.
Announcing our new Managing Director
We are delighted to announce the appointment of a new Managing Director – “Michael Smith - FLPI”
MPI Learning publishes a Leadership Book
International leadership experts share their proven world-class expertise and thinking on how to lead
2022 UAE Data Protection Law. Steps to success.
A new range of legal reforms has recently been introduced to the UAE. Namely the UAE federal Decree-law No 45 regrading Personal Data Protection.
The Evolution of MPI
As we head into our 13th year of business, we feel it is time for a refresh and a change as the current brand doesn’t quite represent who we are now as a business.
Our new office location
MPI has moved into a new office located at 44-46 Forest Rd, Loughborough, LE113NP.

If you would like to know more please get in touch


Skip to content