The New DIFC Data Protection Law 2020 has introduced the requirement for a Data Protection Officer (DPO) under certain circumstances. A DPO is responsible for overseeing a company’s data protection strategy and its implementation to ensure compliance with the new law.

DIFC companies are currently reviewing whether they need a DPO.

How can we help?

Al Tamimi & Company has partnered with White Label Consultancy (WLC), a boutique data protection and privacy consultancy, to assist DIFC companies with all their DPO needs and help fast track your journey to compliance.

Firstly, we can help you decide if you are conducting High Risk Processing Activities under the new law and, as a result, need a DPO.

If you do, we can help you determine how you are going to resource the DPO role. It is an important role and an important decision for DIFC companies. Some may have a DPO employed already at a group level in Europe. Others will appoint someone from their DIFC team. Others may wish to consider outsourcing the role to a third-party service provider with the required expertise. This is where we can help. If you are considering outsourcing all or part of your DPO function to a third-party service provider, we offer a DPO-as-a-Service (DPOaaS),

Here are some of the benefits:

• an on-demand team of privacy professionals to manage your privacy matters;
• obtaining ongoing support for daily privacy tasks and complex projects;
• drafting and implementing key policies and procedures; and
• training your employees and raising privacy awareness in your organisation.

We can tailor our DPOaaS offering to your needs. It can include:

• acting as your appointed DIFC DPO;
• managing communications with authorities, processors and data subjects;
• developing and maintaining your record of processing activities;
• conducting the data privacy annual assessment;
• updating, maintaining and implementing compliant privacy policies and procedures;
• negotiating privacy clauses in contracts with vendors;
• monitoring ongoing compliance with DIFC data protection requirements;
• undertaking data protection impact assessments;
• training your employees; and
• supporting you with data subject access requests and data breaches.

We can also offer training and ongoing back-office support for your designated DPO, or your local data protection “champion” supporting a group level DPO.

Delivery and Pricing

We offer several delivery and pricing options which we can tailor to suit your organisation’s size, requirements, and budget.

Want to know more?

If you would like to discuss this DPOaaS offering further, please contact the team at dataprotection@tamimi.com for immediate support.