Dubai Healthcare City - Health and Pharma Overview

UAE, Middle East

Up until recently, there were no explicit laws or authorities that dealt specifically with privacy and data protection in the UAE (excluding the Dubai International Financial Centre ('DIFC') and Abu Dhabi Global Market). The concepts of privacy and data protection were considered in a variety of federal laws and industry specific regulations set out below.

However, the introduction of Federal Law No. 2 of 2019 ('the Healthcare Data Protection Law') (only available in Arabic here) to the Dubai Health Care City ('DHCC') marks the first occasion where a specific law dealing with the protection of individuals' data has been specifically addressed in the UAE, and highlights a growing trend towards the development of more specific legislation to deal with personal data, cybersecurity and privacy issues across the Gulf Cooperation Council economies.

Furthermore, companies based in the UAE will need to consider the extent to which they may need to comply with the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). Whilst the GDPR applies to companies located within the EU that hold personal data, it also applies to companies located outside the EU, such as the UAE, provided that such companies:

  • offer (or envisage offering) goods or services to data subjects in the EU; or
  • monitor the behaviour of data subjects in the EU.

Currently, 'personal data' is not defined under the laws of the UAE. Consequently, references to the same in this chapter are in its broader sense, and generally refer to data pertaining to individuals' private and family life, as such reference is set out to what pertains to be protected data under cur- rent UAE legislation, as set out under the Penal Code 1987 (Federal Law No. 3 of 1987) ('the Penal Code').

Please click here to read the Guidance.

This article was first published by platform.dataguidance.com in Dubai Healthcare City -Health and Pharma Overview. Its content has been reproduced with the permission of DataGuidance.