tiktok˰

Book a demo

Privacy Information Notice Template for the United Arab Emirates

Generate a bespoke document

  • England and Wales
  • Scotland
  • Northern Ireland
  • Ireland
  • United States
  • Alabama (USA)
  • Alaska (USA)
  • Arizona (USA)
  • Arkansas (USA)
  • California (USA)
  • Colorado (USA)
  • Connecticut (USA)
  • Delaware (USA)
  • Florida (USA)
  • Georgia (USA)
  • Hawaii (USA)
  • Idaho (USA)
  • Illinois (USA)
  • Indiana (USA)
  • Iowa (USA)
  • Kansas (USA)
  • Kentucky (USA)
  • Louisiana (USA)
  • Maine (USA)
  • Maryland (USA)
  • Massachusetts (USA)
  • Michigan (USA)
  • Minnesota (USA)
  • Mississippi (USA)
  • Missouri (USA)
  • Montana (USA)
  • Nebraska (USA)
  • Nevada (USA)
  • New Hampshire (USA)
  • New Jersey (USA)
  • New Mexico (USA)
  • New York (USA)
  • North Carolina (USA)
  • North Dakota (USA)
  • Ohio (USA)
  • Oklahoma (USA)
  • Oregon (USA)
  • Pennsylvania (USA)
  • Rhode Island (USA)
  • South Carolina (USA)
  • South Dakota (USA)
  • Tennessee (USA)
  • Texas (USA)
  • Utah (USA)
  • Vermont (USA)
  • Virginia (USA)
  • Washington (USA)
  • West Virginia (USA)
  • Wisconsin (USA)
  • Wyoming (USA)
  • Austria
  • Denmark
  • France
  • Germany
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Australia
  • New Zealand
  • Singapore
  • Hong Kong
  • India
  • Malaysia
  • Pakistan
  • United Arab Emirates
  • Qatar
  • Saudi Arabia
  • South Africa
  • Nigeria
  • Canada
  • Brasil
  • Monaco
  • Bermuda
  • Cayman Islands
  • Gibraltar
  • Isle of Man
  • Mauritius

What is a Privacy Information Notice?

The Privacy Information Notice is a fundamental document required under UAE Federal Decree-Law No. 45/2021 and its Executive Regulations, designed to ensure transparency in data processing activities. This document should be implemented by any organization that collects and processes personal data in the UAE, whether for commercial, professional, or other purposes. The Privacy Information Notice must detail the types of personal data collected, purposes of processing, data subject rights, security measures, and data retention periods. It serves as a critical compliance tool, particularly important given the UAE's enhanced focus on data protection through its comprehensive federal data protection law. Organizations must ensure their notice is easily accessible, written in clear language, and regularly updated to reflect current data processing practices and regulatory requirements.

Frequently Asked Questions

Is a Privacy Information Notice legally required in the UAE?

Yes, Privacy Information Notices are legally mandatory in the UAE under Federal Decree-Law No. 45/2021. Any organization that collects, processes, or stores personal data of individuals in the UAE must provide this notice to comply with federal data protection regulations. Failure to provide proper privacy notices can result in significant penalties and legal consequences.

Can I be fined for having an incomplete Privacy Information Notice in the UAE?

Yes, incomplete or missing Privacy Information Notices can result in substantial fines under Federal Decree-Law No. 45/2021. The UAE Data Protection Authority can impose penalties ranging from warnings to fines of up to AED 2 million for serious violations. Organizations may also face operational restrictions and reputational damage for non-compliance.

How does a Privacy Information Notice differ from Terms and Conditions in the UAE?

A Privacy Information Notice specifically focuses on data collection, processing, and protection practices as required by UAE Federal Decree-Law No. 45/2021, while Terms and Conditions govern the general use of services or products. The Privacy Notice is mandatory for data protection compliance and must follow specific transparency requirements, whereas Terms and Conditions primarily address contractual relationships and service usage.

How long does it take to prepare a compliant Privacy Information Notice for UAE businesses?

Creating a comprehensive Privacy Information Notice typically takes 2-4 weeks, depending on your organization's complexity and data processing activities. This includes time for reviewing your data flows, ensuring compliance with Federal Decree-Law No. 45/2021 requirements, legal review, and stakeholder approval. Rush preparation may lead to compliance gaps and should be avoided.

Which UAE federal law governs Privacy Information Notice requirements?

Privacy Information Notices in the UAE are governed by Federal Decree-Law No. 45/2021 on the Protection of Personal Data, along with its implementing regulations in Cabinet Resolution No. 100/2022. These laws establish mandatory transparency requirements, specify required disclosures about data processing activities, and outline penalties for non-compliance with privacy notice obligations.

Can I copy another company's Privacy Information Notice for my UAE business?

No, copying another company's Privacy Notice is not recommended and may lead to compliance violations. Each organization has unique data processing activities, purposes, and legal bases that must be accurately reflected in their notice under Federal Decree-Law No. 45/2021. Generic or copied notices often fail to meet specific regulatory requirements and can expose your business to penalties.

Must Privacy Information Notices be provided in Arabic under UAE law?

While Federal Decree-Law No. 45/2021 does not explicitly mandate Arabic language requirements, providing notices in Arabic is strongly recommended for UAE residents. Many organizations provide bilingual notices in both Arabic and English to ensure accessibility and demonstrate good faith compliance. The notice must be clear and understandable to the individuals whose data you process.

Reviewed by

Legal Engineer, GenieAI

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

Reviewed by

Legal Engineer, GenieAI

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

Jurisdiction

United Arab Emirates

Reviewed by

&

Publisher

GenieAI

Category

Privacy Notice

Sector

Business

Cost

Free to use

Last updated

About the Privacy Information Notice

A Privacy Information Notice is a legally required document that organizations in the United Arab Emirates must provide to individuals when collecting or processing their personal data. Under Federal Decree-Law No. 45/2021 and Cabinet Resolution No. 100/2022, you must ensure transparency about your data processing activities by clearly communicating how you handle personal information. This notice serves as a bridge between your organization and data subjects, establishing trust while meeting strict regulatory compliance requirements.

When do you need this document?

You need a Privacy Information Notice whenever your organization collects, stores, or processes personal data of individuals in the UAE. This includes situations such as collecting customer information for service delivery, processing employee data for HR purposes, gathering website visitor data through cookies, or handling client information for professional services. The notice is particularly critical for businesses operating across multiple UAE jurisdictions, including free zones like DIFC and ADGM, which have specific data protection requirements. E-commerce platforms, healthcare providers, financial institutions, and any organization with an online presence must implement this notice to ensure legal compliance from the moment data collection begins.

Key legal considerations

Your Privacy Information Notice must include several mandatory elements under UAE law, including the identity and contact details of the data controller, categories of personal data collected, legal basis for processing, and specific purposes for data use. You must clearly outline data subject rights, including access, rectification, deletion, and objection rights as established under Federal Decree-Law No. 45/2021. The notice should specify data retention periods, security measures implemented to protect personal information, and procedures for exercising individual rights. Additionally, you must disclose any international data transfers, third-party data sharing arrangements, and provide contact information for your Data Protection Officer if appointed. Regular updates to the notice are essential when processing activities change or new legal requirements emerge.

Legal requirements in United Arab Emirates

Under UAE Federal Decree-Law No. 45/2021 and its Executive Regulations, your Privacy Information Notice must be provided at the point of data collection or before processing begins. The notice must be written in Arabic or English, easily accessible, and presented in clear, plain language that ordinary individuals can understand. For organizations operating in DIFC, compliance with DIFC Law No. 5 of 2020 requires additional considerations similar to GDPR standards. ADGM entities must align with the ADGM Data Protection Regulations 2021, which may impose stricter requirements for certain processing activities. The UAE Data Office has enforcement authority and can impose significant penalties for non-compliance, making proper notice implementation crucial for avoiding regulatory sanctions. Your notice must also accommodate the cultural and linguistic diversity of the UAE population, ensuring accessibility for all data subjects regardless of their background.

GOVERNING LAW

Applicable law

This Privacy Information Notice is drafted to comply with United Arab Emirates law. Key legislation includes:









Explore 208,390+ legal templates

Explore 208,390+ legal templates

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it