Employee Data Privacy

United Arab Emirates - Fines and Penalties

 Download as a PDF

What are the penalties for noncompliance with any applicable data protection laws?

Noncompliance with data privacy laws and data breaches may lead to sanctions, fines, and penalties. The amounts are usually calculated according to the risk to which personal rights were exposed and the preventive measures taken by the data controllers, processors and sub-processors in relation to their respective role in the chain of personal data processing.

Under the UAE Penal Code (Art. 431) individuals who violate the private or familial life of individuals without the individual’s consent can be subject to detention and a fine (public servants may be subject to a fine and detention of seven years).

Those who are entrusted to a secret based on their profession, and divulge it without authorization from the confiding person (except where allowed by law) may be sentenced to one year detention (up to five years for public servants) and/or a minimum of 20,000 dirham (Art. 432). Penalties for privacy-related crimes under the Law Combatting Cybercrimes may involve imprisonment for 6 months or a year and fines of up to 500,000 dirham.

Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (PDPL) will include penalties for violations of the law. These will be determined by the Executive Regulations, which have not been published as of August 2022.

Free trade zone protection laws include civil penalties rather than criminal penalties (i.e., there are no prison terms for violations). Sanctions may include fines, public admonishments and the regulator requiring that certain actions are taken. Fines for administrative breaches in the free trade zones are usually in US dollars. In the Dubai International Financial Center (DIFC), fines generally do not exceed 100,00 USD. Note that the Dubai International Financial Centre (DIFC) Commissioner of Data Protection has no upper limit on the potential fine that can be issued for serious non-administrative breaches of the law. The Abu Dhabi Global Market (ADGM) Commissioner of Data Protection may issue fines of up to 28 million USD (ADGM Data Protection Regulations 2021, Section 55).

UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk