UAE PDPL Gap Analyzer
Federal Decree-Law 45/2021 โ Full compliance deadline: January 1, 2027
27-Item PDPL Checklist โ 0/27 (0%)
Lawful Basis
Documented lawful basis for each processing activity
Consent mechanisms with clear opt-in/opt-out
Legitimate interest assessments documented
Purpose Limitation
Processing purposes explicitly defined
No secondary use without additional lawful basis
Data Minimization
Only necessary data collected
Data fields reviewed and minimized
Accuracy
Data accuracy verification procedures in place
Storage Limitation
Retention schedules defined and enforced
Deletion/anonymization procedures active
Security
Technical security measures (encryption, access control)
Organizational security measures (policies, training)
Accountability
Record of Processing Activities (RoPA) maintained
Rights
Data subject access request process
Right to rectification process
Right to erasure (deletion) process
Right to data portability process
Right to object process
Automated decision-making safeguards
Cross-Border
Data transfer impact assessment for international flows
Standard contractual clauses or BCRs in place
Breach
Data breach notification plan (UAE Data Office + individuals)
Breach detection and response team designated
DPO
Data Protection Officer appointed (if required)
DPO independence and reporting line established
Vendors
Processor agreements with Article-compliant clauses
Training
Staff privacy awareness training program
0%
Compliance Score
Regime Comparison
| PDPL | DIFC | ADGM | |
|---|---|---|---|
| Law | DL 45/2021 | Law 5/2020 | DPR 2021 |
| Deadline | Jan 2027 | Active | Active |
| DPO | Conditional | Required | Required |
| GDPR-like | Aligned | Very close | Close |
Legal References
Federal Decree-Law 45/2021
Effective: January 1, 2026
Full compliance: January 1, 2027
DIFC: Law No. 5/2020
ADGM: DPR 2021