Data Protection at the DFSA


The DIFC Data Protection Law 2007, which is administered by the Commissioner of Data Protection (, regulates the use of 'personal data' in the DIFC. Personal data is essentially any information about an identifiable living individual. The Law establishes enforceable standards for data controllers regarding obtaining, holding, using or disclosing personal data. As a data controller, the DFSA must comply with these standards. The Law also gives individuals the right to access personal data held about them.


What kind of Personal Data does the DFSA hold?


We collect and use certain types of information about people we deal with as part of our regulatory functions. These include individuals within the regulated community, those who are proposing to join the regulated community and those who may have dealings with the regulated community, our own employees, suppliers and others with whom we conduct business.

Your Rights


If you are an individual, you have the right under the Law to access personal information held by the DFSA, and if necessary, rectify it (subject to certain exemptions). If you wish to make a personal data access request to the DFSA write to us at