DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

๐Ÿ‡ฆ๐Ÿ‡ช United Arab Emirates

PDPL UAE

Federal Decree-Law No. 45 of 2021 on Personal Data Protection

In short
The UAE federal data protection law generally requires clear, specific and informed consent before processing personal data, unless another lawful basis applies, with stricter handling for sensitive data and cross-border transfers.
Region

United Arab Emirates

Status

In force since 2022

Group

Asia & Africa

Who must comply

Controllers and processors that process personal data of data subjects in the UAE, with some exemptions for the financial free zones that have their own regimes.

Penalties

Penalties are set by executive regulations and administrative decisions, with fines for non-compliance once the implementing rules apply.

Key obligations

  • Obtain clear, specific and informed consent where required
  • Provide notice of purpose and processing
  • Honor access, correction, deletion, portability and objection rights
  • Apply appropriate security and conduct impact assessments
  • Meet conditions for cross-border data transfers

How ConsentX helps

Clear, specific opt-in consent capture

Geo-aware banner for UAE visitors

Full rights workflow including portability

Consent receipts and evidence logs

Region rule engine tuned for the UAE

Get PDPL UAE ready with ConsentX

Get started free Book a demo

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with PDPL UAE using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under PDPL UAE.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that PDPL UAE requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a PDPL UAE audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does the UAE require consent for processing?+

Consent is generally required unless another lawful basis applies, and it must be clear, specific and informed.

Do the DIFC and ADGM follow this federal law?+

No. The financial free zones DIFC and ADGM operate their own separate data protection regimes.

Countries under PDPL UAE

๐Ÿ‡ฆ๐Ÿ‡ช ุงู„ุฅู…ุงุฑุงุช ุงู„ุนุฑุจูŠุฉ ุงู„ู…ุชุญุฏุฉ

Other regulations

๐Ÿ‡ช๐Ÿ‡บ GDPR๐Ÿ‡ฌ๐Ÿ‡ง UK GDPR๐Ÿ‡บ๐Ÿ‡ธ CCPA / CPRA๐Ÿ‡บ๐Ÿ‡ธ VCDPA๐Ÿ‡บ๐Ÿ‡ธ Colorado CPA๐Ÿ‡บ๐Ÿ‡ธ CTDPA๐Ÿ‡บ๐Ÿ‡ธ UCPA๐Ÿ‡บ๐Ÿ‡ธ TDPSA๐Ÿ‡บ๐Ÿ‡ธ Oregon OCPA๐Ÿ‡บ๐Ÿ‡ธ Montana MCDPA๐Ÿ‡บ๐Ÿ‡ธ Florida FDBR๐Ÿ‡ง๐Ÿ‡ท LGPD๐Ÿ‡จ๐Ÿ‡ฆ PIPEDA๐Ÿ‡ฎ๐Ÿ‡ณ DPDPA๐ŸŒ PDPA๐Ÿ‡ฟ๐Ÿ‡ฆ POPIA๐Ÿ‡จ๐Ÿ‡ญ FADP๐Ÿ‡จ๐Ÿ‡ฆ Law 25๐Ÿ‡ฒ๐Ÿ‡ฝ LFPDPPP๐Ÿ‡ฆ๐Ÿ‡ท PDPL๐Ÿ‡จ๐Ÿ‡ฑ Law 21.719๐Ÿ‡จ๐Ÿ‡ด Law 1581๐Ÿ‡ต๐Ÿ‡ช Law 29733๐Ÿ‡บ๐Ÿ‡พ Law 18.331