Data Privacy Rights Under the UAE PDPL (2026 Legal Guide) — Rules & Requirements
About this article
Sourced from Omani royal decrees, ministerial decisions, and the Basic Statute of the State. Written in plain language for general understanding — this is educational content, not legal advice.
What is this right?
The UAE's Personal Data Protection Law (PDPL) gives consumers rights over how their personal data is collected and used:
- Consent: Businesses must obtain your clear and explicit consent before collecting personal data, and must tell you why they need it.
- Right to access: You can request a copy of all personal data a company holds about you.
- Right to correction: You can ask a company to correct inaccurate data about you.
- Right to deletion: You can request that your data be deleted when it is no longer needed for the purpose it was collected.
- Data breach notification: Companies must notify the UAE Data Office and affected individuals of data breaches that pose a risk to rights and freedoms.
- Cross-border transfers: Your personal data cannot be transferred outside the UAE unless the receiving country has adequate data protection or you consent.
When does it apply?
- A business in the UAE collects, stores, or processes your personal data.
- This covers data collected online and offline — apps, websites, loyalty programmes, and in-store forms.
- The DIFC has its own Data Protection Law (DIFC Law No. 5 of 2020) enforced by the DIFC Commissioner of Data Protection. ADGM has separate Data Protection Regulations 2021 with its own Office of Data Protection. If a DIFC or ADGM entity holds your data, those frameworks apply instead of the federal PDPL.
What to Do If a UAE Company Misuses Your Personal Data
- Read privacy policies before sharing your personal data with any company.
- To exercise your rights, send a written request to the company's data protection officer or privacy contact.
- If the company does not respond within a reasonable time, file a complaint with the UAE Data Office for mainland entities, the DIFC Commissioner of Data Protection for DIFC entities, or the ADGM Office of Data Protection for ADGM entities.
- Revoke consent at any time if you no longer want a company processing your data.
What should you NOT do?
- Do not share personal data without checking the privacy policy — understand how your data will be used.
- Do not ignore data breach notifications — change your passwords and monitor your accounts immediately.
- Do not assume deleting your account deletes all your data — explicitly request data deletion in writing.
About Consumer Rights in Oman
Your consumer rights sit under Federal Law No. 15 of 2020 — covering refunds, warranties, pricing transparency, and deceptive practices. Online purchases get clear product info, transparent pricing, and a cooling-off window. Where you complain depends on the emirate: Dubai shops go through the Dubai Consumer app on 600-545555, Abu Dhabi through TAMM on 800-555, or federally through the Ministry of Economy on 600 522 225. Data privacy follows Federal Decree-Law No. 45 of 2021 on the mainland, with separate regimes inside DIFC and ADGM.