View all UAE legal letters →

Data Privacy & Consumer Data Rights (PDPL) in UAE

By , Founding Editor

Last verified:

Source: Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law — PDPL); Cabinet Decision No. 111 of 2022 (Implementing Regulations)

Reviewed by the Commoner Law Editorial Team. Sourced from UAE federal decrees, laws, and ministerial decisions. Written in plain language for general understanding — this is educational content, not legal advice. Our editorial standards

UAE Federal Law

What is this right?

The UAE's Personal Data Protection Law (PDPL) gives consumers rights over how their personal data is collected and used:

  • Consent: Businesses must obtain your clear and explicit consent before collecting personal data, and must tell you why they need it.
  • Right to access: You can request a copy of all personal data a company holds about you.
  • Right to correction: You can ask a company to correct inaccurate data about you.
  • Right to deletion: You can request that your data be deleted when it is no longer needed for the purpose it was collected.
  • Data breach notification: Companies must notify the UAE Data Office and affected individuals of data breaches that pose a risk to rights and freedoms.
  • Cross-border transfers: Your personal data cannot be transferred outside the UAE unless the receiving country has adequate data protection or you consent.

When does it apply?

  • A business in the UAE collects, stores, or processes your personal data.
  • This covers data collected online and offline — apps, websites, loyalty programmes, and in-store forms.
  • The DIFC has its own Data Protection Law (DIFC Law No. 5 of 2020) enforced by the DIFC Commissioner of Data Protection. ADGM has separate Data Protection Regulations 2021 with its own Office of Data Protection. If a DIFC or ADGM entity holds your data, those frameworks apply instead of the federal PDPL.

What to Do If a UAE Company Misuses Your Personal Data

  • Read privacy policies before sharing your personal data with any company.
  • To exercise your rights, send a written request to the company's data protection officer or privacy contact.
  • If the company does not respond within a reasonable time, file a complaint with the UAE Data Office for mainland entities, the DIFC Commissioner of Data Protection for DIFC entities, or the ADGM Office of Data Protection for ADGM entities.
  • Revoke consent at any time if you no longer want a company processing your data.

What should you NOT do?

  • Do not share personal data without checking the privacy policy — understand how your data will be used.
  • Do not ignore data breach notifications — change your passwords and monitor your accounts immediately.
  • Do not assume deleting your account deletes all your data — explicitly request data deletion in writing.

Common Questions

When does it applydata privacy & consumer data rights (pdpl)?

A business in the UAE collects, stores, or processes your personal data.This covers data collected online and offline — apps, websites, loyalty programmes, and in-store forms.The DIFC has its own Data Protection Law (DIFC Law No. 5 of 2020) enforced by the DIFC Commissioner of Data Protection. ADGM has separate Data Protection Regulations 2021 with its own Office of Data Protection. If a DIFC or ADGM entity holds your data, those frameworks apply instead of the federal PDPL.

What should I do if a company in the UAE is misusing my personal data or refused my request to delete it?

Read privacy policies before sharing your personal data with any company.To exercise your rights, send a written request to the company's data protection officer or privacy contact.If the company does not respond within a reasonable time, file a complaint with the UAE Data Office for mainland entities, the DIFC Commissioner of Data Protection for DIFC entities, or the ADGM Office of Data Protection for ADGM entities.Revoke consent at any time if you no longer want a company processing your data.

What should you NOT dodata privacy & consumer data rights (pdpl)?

Do not share personal data without checking the privacy policy — understand how your data will be used.Do not ignore data breach notifications — change your passwords and monitor your accounts immediately.Do not assume deleting your account deletes all your data — explicitly request data deletion in writing.

More in Consumer Rights

Right to Product Safety & QualityEvery product sold in the UAE must meet safety and quality standards. Businesses are legally responsible for the product...Read more →Warranty & Return RightsUAE law gives consumers the right to return defective products and enforces warranty obligations on sellers:Warranty obl...Read more →Protection from Deceptive PracticesUAE law protects consumers from fraudulent, misleading, and deceptive business practices:False advertising: Businesses c...Read more →

Related Topics

Workers' RightsKafala & Employer TransferTax RightsTransfer Pricing Rules
← Browse all Consumer Rights

Last verified:

You came here to know your rights — help someone else know theirs.

Support This Mission