DFSA Regulations – Data Protection – DIFC

What you’ll learn:
The course provides a comprehensive understanding of the data protection regulations within the Dubai International Financial Centre (DIFC).
Participants will explore the key provisions, principles, and enforcement mechanisms outlined in the DIFC Data Protection Law, gaining insights into compliance requirements, rights and responsibilities of data controllers and processors, and the role of the Data Protection Commissioner. This course is essential for individuals and organizations operating within the DIFC who handle personal data and seek to ensure compliance with data protection regulations.
Training Fee
• Live Sessions
• Printed Study Materials
• Coffee, Snacks & Lunch
• Certificate of Attendance
DFSA rules and regulations apply to all firms regulated by the DFSA. These rules and guidelines are intended to safeguard customers when they transact with an authorized firm and purchase a financial good or service, to stop the potential threats to financial stability from materializing and hurting the real economy, and to protect the integrity of the financial markets.
Prudential, conduct of business, and data protection legislation are all part of the DFSA regulations.
To fulfill their Continuing Professional Development (CPD) obligations, the DFSA mandates that all Senior Executive Officers, Compliance Officers, and MLROs of Authorized Firms complete at least 15 hours of obligatory training every 12 months.
The purpose of this 5 CPD hours course is to provide an understanding of all the regulatory subjects imposed by the DFSA. It was specifically developed for Authorized Individuals of DFSA-regulated enterprises.
By the end of the programme, participants will fully understand:
• Legal Framework: Provide participants with an in-depth understanding of the legal framework surrounding DFSA Data Protection – DIFC Rules, including its title, legislative authority, date of enactment, and commencement.
• Scope and Purpose: Explain the scope and purpose of the law, highlighting its application and the role of schedules within the regulations.
• Compliance Requirements: Educate participants about the general requirements for legitimate and lawful processing, emphasizing the lawfulness of processing, consent, and the conditions and accountability associated with consent and legitimate interests.
• Data Protection Officer (DPO): Explore the role of the Data Protection Officer (DPO), including their competencies, status, and responsibilities in ensuring compliance with data protection regulations.
• Data Protection Impact Assessment: Teach participants about the importance and process of conducting Data Protection Impact Assessments and when prior consultation is required.
• Joint Controllers and Processors: Clarify the roles and responsibilities of controllers, processors, and sub-processors, while emphasizing confidentiality in data processing.
• Enforcement and Sanctions: Examine the enforcement mechanisms, including personal data breach notifications, the role and powers of the Commissioner, remedies, liabilities, and sanctions for non-compliance, such as fines, complaints, and court applications.
• Regulatory Oversight: Explain the regulatory oversight of the Commissioner, including their appointment, removal, and powers, as well as the role of advisory committees, codes of conduct, certification schemes, and monitoring of compliance.
• Practical Application: Facilitate practical application exercises and case studies to help participants apply the knowledge gained throughout the course.
• Ethical Considerations: Discuss the ethical considerations related to data protection and privacy within the context of DFSA regulations.
Data Protection – DIFC
Introduction and Scope Enforcement
• Title and Repeal
• Legislative Authority
• Date of Enactment
• Commencement
• Purpose of the Law
• Application of The Law
• Schedules
• Administration of The Law
General Requirements
• Requirements for Legitimate and Lawful Processing
• Lawfulness of Processing
• Processing of Special Categories of Personal Data
• Consent
• Conditions of Consent and Reliance on Legitimate Interests
• Legitimate Interests
• Accountability and Notification
• Records of Processing Activities
• Designation of the Data Protection Officer (DPO)
• The DPO: Competencies and Status
• Role and Tasks of the DPO
• DPO Controller Assessment
• Data Protection Impact Assessment
• Prior Consultation
• Cessation of Processing
Joint Controllers and Processors
• Controllers
• Processors
• Processors and Sub-Processors
• Confidentiality
Data Export and Sharing
• Transfers Out of the DIFC: Adequate Level of Protection
• Transfers out of the DIFC in the Absence of an Adequate Level of Protection
• Data Sharing
Information Provision
• Providing Information where Personal Data Has Been Obtained from the Data Subject
• Providing Information Where Personal Data Has Not Been Obtained From the Data Subject
• Nature of Processing Information
Rights of Data Subjects
• Right to Withdraw Consent
• Rights to Access, Rectification and Erasure of Personal Data
• Right to Object to Processing
• Right to Restriction of Processing
• Controller’s Obligation to Notify
• Right to Data Portability
• Automated Individual Decision-Making, Including Profiling
• Non-Discrimination
• Methods of Exercising Data Subject Rights
Personal Data Breaches
• Notification of Personal Data Breaches to the Commissioner
• Notification of Personal Data Breaches to a Data Subject
The Commissioner
• Appointment of the Commissioner
• Removal of the Commissioner
• Resignation of the Commissioner
• Powers, Functions and Objectives of the Commissioner
• Delegation of Powers and Establishment of Advisory Committee
• Codes of Conduct
• Monitoring of Approved Codes of Conduct
• Certification Schemes
• Certification and Accreditation
• Production of Information
• Regulations
• Funding
• Annual Budget of the Commissioner
• Accounts
• Audit of Commissioner
• Annual Report
Remedies, Liability, and Sanctions
• Directions
• Lodging Complaints and Mediation
• General Contravention
• Imposition of Fines
• Application to the Court
• Compensation
General Exemptions
Conclusions and Closures
The programme is designed to provide participants with a better understanding of the various DFSA rules and regulations. The use of interactive case studies will help participants to think critically about scenarios that will be relevant to their respective roles and organisations.
By the end of the course, participants will have developed the confidence to understand which rules and regulations apply to them in their day-to-day transacting.
The course is addressed to:
This course is beneficial to all Senior Executive Officers, Compliance Officers and MLROs of DFSA Regulated Firms.
Nadine Ghosn Eid is the Founder of BeyondComply, a compliance consultancy and training firm established to help financial services companies understand and overcome the challenges arising from compliance, regulation, and market developments.
Nadine is a Member of the Advisory Council of AGRC (Association of Governance, Risk, and Compliance).
She is also a Certified Anti-Money Laundering Specialist (CAMS) based in Beirut who’s been a Speaker in various Global Compliance and Financial Crime Prevention Conferences, and has more than 28 years of Banking Experience with a focus on Compliance, Treasury, Capital Markets and Private Banking, in addition to 18 years of concentration in the Cards and Payments Industry.
Nadine serves as a Professional Consultant in Anti-Money Laundering, Governance Risk & Compliance, Regulatory Compliance, Data Protection, Virtual Assets Regulation, and Cards Industry Rules and Regulations.
She is also certified as a Trainer by the European Institute of Management and Finance (EIMF), in EU GDPR Foundation and Practitioner by The Knowledge Academy UK, and in Financial Derivatives, Securities, and FSA Regulations by the UK’s Chartered Institute for Securities & Investments (CISI).
Nadine also currently holds the position of Director of Compliance & Regulatory Affairs at areeba, a leading regional financial technology company specialized in payment cards and electronic services and in offering issuing and acquiring services to banks, other financial institutions, merchants and retailers.
Prior to areeba, Nadine worked for 14 years with CSCBank sal, a regional leader in the card and electronic payment processing industry, the last three years of which were also as Head of Compliance.
Nadine holds a Master’s Degree in Money and Banking from The American University of Beirut.
She has an extended financial experience in the Middle Eastern, African, American, and European markets. She is fluent in English, French and Arabic, and is no stranger to EU and US legislations, having worked for multiple banks that do business in European and American markets.