Skip to content
Home » Blog » ADGM Data Protection-Regulations 2021

ADGM Data Protection-Regulations 2021

In this article we will be diving deep about this interesting topic ADGM Data Protection-Regulations 2021.

    Now, let us see what it means !

ADGM : 2021

– The Abu Dhabi Global Market (‘ADGM’) Board of Directors (‘the Board’) enacted1 the new ADGM Data Protection Regulations 2021 (‘the Regulations’) on February 11, 2021. On February 14, 2021, the new Regulations were issued. Sayid Madar, Senior Specialist at the ADGM Office of Data Protection, discusses the new ADGM Regulations 2021 and what they represent for enterprises and organizations having an ADGM presence.
    – New laws aiming at improving the security of personal data processed by ADGM have been implemented.
    – The ADGM Board has appointed Mr. Sami Mohammed as the ADGM Commissioner of Data Protection.
    – The European Union’s General Data Protection Regulation (which took effect in May 2018) is the leading international standard and best practice for comprehensive Data Protection law, according to international benchmark for best practices and international standards for ADGM. The revised Regulations have been tailored to ADGM’s needs and are designed to be proportionate and business-friendly, without jeopardizing the primary goal of achieving a high level of personal data security.
    – The formation of an independent Office of Data Protection, led by a Commissioner of Data Protection, is a key feature of the new system. Mr. Sami Mohammed has been chosen by the ADGM Board to serve as the organization’s commissioner for data protection. Mr. Mohammed has over 18 years of experience in the UAE’s public and private sectors, working in areas such as financial services, commercial legislation, data privacy and protection, anti-money laundering, and counter-terrorism funding, in roles such as licensing, supervision, enforcement, and policy. Mr. Mohammed has been appointed for a four-year first term.
    – Adoption of the new Regulations will result in major changes and new duties for Data Controllers and Data Processors, according to ADGM. As a result, starting on February 14, 2021, a 12-month transition time for existing enterprises and a 6-month transition period for new establishments is proposed.

ADGM : In Big People Words

– “ADGM is extremely pleased to create such a world-class data protection framework that safeguards personal data while staying balanced and business-friendly,” stated **Dhaher Bin Dhaher Al Mheiri, CEO of the ADGM Registration Authority.** The ADGM is now a regional leader in data protection thanks to these new regulations.”
    – “I am happy to take up this crucial responsibility as the ADGM Commissioner of Data Protection, as we adopt the new Data Protection Regulations 2021,” stated **Sami Mohammed, ADGM Commissioner of Data Protection.** Entities can be assured of the highest levels of data protection by implementing the new legislation, which are in accordance with international best practice. I look forward to working with all stakeholders, on behalf of the Office of Data Protection, to ensure that personal data is treated in compliance with the Regulations.”

ADGM : Key Features

– While the 2015 Regulations and the new Regulations have many similarities, there are additional duties that all ADGM establishments must consider while reviewing their data protection compliance program.
    – The Regulations are closely related with the GDPR, as previously stated. As a result, organizations that now collect personal data of EU citizens should be conversant with important elements. The addition of the accountability obligation to the principles is one of them. Portability, erasure, objection, restriction, and particular rights over automated decision-making and profiling have been added to the list of data subject rights. Individuals now have the right to seek compensation from a controller or processor if the Regulations are broken.
    – In addition, the Regulations keep the duty to register with the Office of Data Protection (‘ODP’), but add a new responsibility to notify the ODP. In some cases, such as data breaches, DPIAs, and Binding Corporate Rules approvals, notice may be required.
    – In some situations, the appointment of a data protection officer (‘DPO’) is required. The DPO is not required to be based at the ADGM and might represent a group of enterprises. There is also an obligation to keep track of processing activity and perform Data Protection Impact Assessments (‘DPIA’) when proposed processing activities pose a significant danger to persons’ rights and freedoms.
    – Many international and multinational organizations operating in the ADGM should be familiar with the Regulations’ overall core principles. Extending existing EU or UK data protection compliance program to the ADGM would put such organizations in a better position as the new ADGM Regulations approach their effective date.

ADGM : Exemptions

    – Micro-businesses operating in the ADGM are granted some restricted exemptions under the Regulations. Businesses with fewer than five employees are exempt from paying the data protection fee.
    – They are also exempt from the requirement of a DPO. The exemptions, on the other hand, aren’t valid if the company engages in our high-risk processing operations.

The ODP and the Commissioner for Data Protection

    – The Office of the Data Protection Commissioner and the ODP
    The Regulations establish an independent Office of Data Protection (ODP) and a Data Protection Commissioner (‘the Commissioner’). The revised Regulations define the Commissioner’s function and responsibilities, which include supervisory, monitoring, and enforcement powers.
    – The Regulations give the ADGM Commissioner of Data Protection the Middle East’s toughest penalty regime. Fines of up to $28 million can be imposed by the Commissioner.
    – Mr. Sami Mohammed has been appointed as a Commissioner for a four-year term by the Board. Mr. Mohammed has over 18 years of experience in the UAE’s public and private sectors, covering financial services, commercial legislation, data privacy and protection, anti-money laundering and counter-terrorism financing, and diverse responsibilities such as licensing, supervision, enforcement, and policy. Mr Mohammed was the acting Director of the ODP prior to his appointment.

Regulatory Approach

    – The ODP will publish its regulatory plan and issue additional guidance on the new Regulations in the upcoming months. In order to clarify fees and other aspects of the Regulations, the Board will also issue secondary legislation in the form of regulations. The ODP will make sure it uses the new authority fairly, and efficiently. The ODP will be a strong and firm regulator for organizations that carelessly or intentionally violate the Regulations.
    – In the next months, the ODP plans to release critical material, including its draught Regulatory Action Policy for public comment. This will provide us more information about how to use the powers granted by the Regulations.


    That’s all about the ADGM Data Protection-Regulations 2021. After reading this essay, I hope you found it enjoyable and learned something new. We have learned about ADGM 2021, its key features, people reviews on it, its exemptions, commissioner of The ODP and the Commissioner for Data Protection, and its regulatory approach.

Leave a Reply

Your email address will not be published.