These data controllers usually have control over those high risk entities that process 10,000 or more data subjects, including those largely operating in the education, finance, health ...

Section 18 (1) of the Data Protection Act provides that no person shall act as a data controller or data processor unless registered with the data commissioner. A data controller, on the one hand ...

The commissioner notes further that most of the breaches reported to the OIC have resulted from malicious acts by third parties with damage to the data controller, data processor or the data subject.

The European Data Protection Board (EDPB), the umbrella group of the EU’s data protection authorities, has issued new Guidelines 01/2024 of October 9, 2024 on the processing of personal data ...

Another example is processing the data of children. The law requires that data controller/ processor obtain the permission of the parent/ authorised guardian of any person below the age of 18.

The DIFC Data Protection Law No. 5 of 2020 (DIFC Data Protection Law) was amended on 8 July 2025 to introduce several substantive changes.

Major Data Processing (MDP) is classified into 3 levels, namely: Ultra High Level (UHL), Extra High Level (EHL) and Ordinary High Level (OHL) of Major Data Processing.