UAE PDPL compliance
Turn the UAE's data-protection law into controls you can evidence.
The UAE Personal Data Protection Law places real obligations on any organisation that processes the personal data of individuals in the UAE — around consent, purpose, security, breach notification and cross-border transfer. We help you understand what you hold, put the right controls and processes in place, and be able to demonstrate compliance rather than assert it.
What UAE PDPL is
The UAE PDPL (Federal Decree-Law No. 45 of 2021) is the country's comprehensive data-protection framework. It sets principles for lawful processing, individual rights, data-security requirements, breach handling and rules on transferring personal data outside the UAE, overseen by the UAE Data Office.
Who needs it
Any organisation that collects or processes the personal data of people in the UAE — which is to say almost every business. Sectors handling large volumes of personal data (finance, healthcare, retail, telecoms, technology) face the most scrutiny.
How we help
- Data mapping — what personal data you hold, where, and why
- Gap assessment against PDPL obligations
- Privacy governance, policies and notices
- Consent, individual-rights and retention processes
- Data-security controls aligned to the law
- Breach-response and cross-border-transfer procedures
- Shadow-AI review — where personal data leaks into AI tools
FAQ
UAE PDPL — FAQs
Does the UAE PDPL apply to my business?
If you process the personal data of individuals in the UAE, almost certainly yes. The law applies broadly, with specific rules for sensitive data and for transferring data outside the country.
What's the link between PDPL and AI tools?
A major, often-missed one. Staff pasting personal data into consumer AI tools is, in effect, an uncontrolled cross-border transfer to a third party — a real PDPL exposure. We include Shadow-AI discovery in PDPL work for exactly this reason.
How do we handle cross-border data transfers?
The PDPL restricts transferring personal data outside the UAE unless certain conditions are met. We help you map your transfers and put the right legal and technical safeguards in place.
Other frameworks
All complianceStart with a paid, tightly scoped pilot
Prove whether your controls actually work.
Book a diagnostic assessment or an executive AI-risk tabletop. We'll show you the exploitable attack paths that matter — and how to close them.
Emergency response
Facing an active incident or suspected AI compromise? Reach our response coordination line directly.
Report an Incident