The Data Protection Law, DIFC Law No 5 of 2020 (the DP Law 2020) addresses issues around direct marketing and electronic communications on a basic level. Perhaps not as extensively as other standards such as the EU e-Privacy legislation governing marketing, cookies, and other forms of online monitoring, targeting and communications, but various articles provide requirements when collecting and using Personal Data for through cookies and for electronic communications of any kind – traditional direct marketing is not the only form of electronic communications, and your compliance with all requirements is the difference between a large fine and recommended remedial actions.
In practice, Personal Data can be all sorts of things. It includes employee files that contain hiring and termination information, health insurance information, or anything else employment related that identifies that person. It is client data, including information recorded on invoices, from business cards, on reservation apps or books, and so on. It can be supplier data, recorded in or as a result of any contracts for services or goods. PD is not limited by any other distinctions, such as business or personal, public or private, large amounts or small amounts. If it identifies somebody, then it is PD.
Personal Data, if any, that is collected as a result of completing this assessment will be handled in accordance with the DIFC Online Data Protection Policy.
Please note that assessment tool / guidance is for informational purposes only and should not be construed as legal advice provided by the Commissioner’s Office.