Employee Data Privacy

United Arab Emirates - Data Protection Officer

 Download as a PDF

What is, and which organizations have to appoint a DPO?

A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on processing personal data such as its purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended. There is no requirement to appoint a data protection officer in mainland UAE.


Some free trade zones in the UAE require data protection officers in certain cases. For example, the Dubai International Financial Center requires appointing a DPO when an employer (or other Controller) or Processor is performing high-risk processing activities on a systematic or regular basis (DIFC Law No. 5 of 2020, Art. 6). The Abu Dhabi Global Market requires that employers (and other Controllers and Processors) appoint DPOs when: (i) they are a public authority; (ii) when engaging in core activities that consist of regular and systematic monitoring of data subjects on a large scale; or, (iii) when engaging in core activities that consist of processing special categories of personal data on a large scale (ADGM Data Protection Regulations 2021, Section 35).

UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk