Dubai PDPL

What is the Dubai PDPL?


The Dubai Personal Data Protection Law (PDPL), effective July 2023, is the most comprehensive data protection law in the Emirate of Dubai and the UAE. The law is very similar to the European GDPR and grants data subjects rights, such as the right to know, access, the right to be forgotten, data portability, and others.

On top of that, it also imposes GDPR-like obligations to companies, including:

  • Data minimization and purpose limitation in data processing
  • Implementing appropriate safeguards to secure the data from unauthorized access and prevent data breaches
  • Honor data subject requests
  • Provide users with a notice of your privacy practices, usually in the form of a privacy policy
  • Collect explicit consent for data processing unless you have another legal basis
  • Conduct data protection assessments where necessary
  • Appoint a Data Protection Officer where required.

MergeBase and the Dubai PDPL


The Dubai PDPL applies to MergeBase when we engage with customers from Dubai, which means that in general, it does not apply to us. Nevertheless, being compliant with the PIPEDA, the GDPR, the UK DPA, and many other laws worldwide make it easy for us to comply with the Dubai PDPL as well.

Our role isn’t limited to just following the rules ourselves, however. We also help our customers understand and comply with Dubai’s privacy laws. This means that MergeBase not only adheres to these data protection regulations but also assists our customers in navigating them, ensuring that both our operations and those of our customers are in sync with Dubai’s data privacy standards.


How Can MergeBase Help You Comply with the Dubai PDPL


Under the Dubai Privacy Protection Law (PDPL) effective from July 2023, MergeBase offers crucial support for companies aiming to align with PDPL’s data handling regulations, including:

Data Minimization (Article 8). MergeBase targets vulnerabilities in open-source components, reducing the personal data footprint within applications and adhering to PDPL’s data minimization principle. It also identifies and eliminates unnecessary or outdated dependencies, decreasing the potential exposure of personal data.

Data Security (Article 14). MergeBase enhances security through continuous vulnerability scanning in open-source components, enabling swift identification and rectification of potential threats. It prioritizes vulnerabilities by severity, guiding focused remediation efforts, and integrates with patch management tools for timely vulnerability resolution, minimizing personal data risks.