The Data Protection Law, DIFC Law No 5 of 2020 (the DP Law 2020) addresses issues around notices and information that must be shared with individuals when collecting Personal Data directly or indirectly from them for use within your business.
In practice, Personal Data can be all sorts of things. It includes employee files that contain hiring and termination information, health insurance information, or anything else employment related that identifies that person. It is client data, including information recorded on invoices, from business cards, on reservation apps or books, and so on. It can be supplier data, recorded in or as a result of any contracts for services or goods. PD is not limited by any other distinctions, such as business or personal, public or private, large amounts or small amounts. If it identifies somebody, then it is PD.
A privacy notice must contain both clear and plain language, as well as lawful basis/es for processing Personal Data. The notice must also clarify information about who your company shares it with, how they can access it, to whom they may complain or ask question about the processing, etc.
Personal Data, if any, that is collected as a result of completing this assessment will be handled in accordance with the DIFC Online Data Protection Policy.
Please note that assessment tool / guidance is for informational purposes only and should not be construed as legal advice provided by the Commissioner’s Office.