On 8 July 2025, the DIFC Data Protection Law No. 5 of 2020 (DIFC Data Protection Law) was amended to introduce several substantive changes, including the landmark creation of a private right of action for data subjects, clarifications to the extraterritorial scope, and increased financial penalties for non-compliance.
The changes broadly reflect those proposed in a consultation paper released in February 2025 (available here) (Consultation Paper). However, there are several interesting changes proposed in the Consultation Paper that did not end up being enacted.
In our article, we explore these new amendments and how they may impact businesses operating in or interacting with DIFC; and highlight the practical steps organisations should consider taking – particularly in light of the new statutory liability risk.
Click here to read the full article.