All Countries
Data Privacy
Data Protection Addendum

Data Protection Addendum Template for United Arab Emirates

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Protection Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Protection Addendum

"I need a Data Protection Addendum for my UAE-based fintech company that will process customer payment data for an international bank, with specific provisions for cross-border transfers to Singapore and compliance with both UAE Federal and DIFC requirements."

Celebrated by
Collaborations with
Investors
Document background
The Data Protection Addendum (DPA) is essential for businesses operating in the UAE that process personal data on behalf of others. It becomes necessary when one party (the data processor) processes personal data on behalf of another party (the data controller), ensuring compliance with UAE Federal Decree-Law No. 45/2021, as well as DIFC and ADGM data protection regulations where applicable. The DPA details specific obligations regarding data security, processing limitations, confidentiality, breach notifications, and cross-border transfers. It addresses both mandatory requirements under UAE law and international best practices, making it particularly important for organizations handling personal data across multiple jurisdictions or operating within UAE free zones. The document should be customized based on the specific type of data being processed, the industry sector, and whether any special categories of personal data are involved.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including full legal names and addresses

2. Background: Context of the relationship between parties and reference to the main agreement this DPA supplements

3. Definitions: Key terms used in the DPA, aligned with UAE Federal Law No. 45/2021 definitions

4. Scope and Purpose: Details of what personal data will be processed, purposes of processing, and duration

5. Obligations of the Data Processor: Core responsibilities including processing only on documented instructions, confidentiality, security measures

6. Obligations of the Data Controller: Responsibilities including lawful basis for processing, accuracy of data, and providing documented instructions

7. Data Subject Rights: Procedures for handling data subject requests and assistance requirements

8. Data Security: Required technical and organizational security measures

9. Data Breach Notification: Procedures and timeframes for reporting data breaches

10. Cross-border Data Transfers: Requirements and safeguards for international data transfers

11. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance

12. Term and Termination: Duration of the DPA and procedures for termination

13. Return or Deletion of Data: Obligations regarding personal data upon termination of services

Optional Sections

1. Sensitive Data Processing: Additional requirements when processing sensitive personal data as defined under UAE law

2. Healthcare Data Provisions: Specific provisions when processing healthcare data under UAE Federal Law No. 2 of 2019

3. Financial Data Processing: Additional requirements for financial sector data processing

4. Free Zone Specific Provisions: Additional requirements when operating in DIFC or ADGM

5. Sub-processor Provisions: Detailed requirements if the processor intends to engage sub-processors

6. Data Protection Officer: Requirements when appointment of a DPO is necessary

7. Children's Data: Special provisions for processing personal data of children

8. Direct Marketing: Specific requirements if personal data will be used for direct marketing purposes

Suggested Schedules

1. Schedule 1 - Details of Processing: Detailed description of data subjects, data categories, processing purposes, and duration

2. Schedule 2 - Technical and Organizational Measures: Specific security measures implemented to protect personal data

3. Schedule 3 - Approved Sub-processors: List of approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers

5. Schedule 5 - Security Breach Response Plan: Detailed procedures for handling and reporting data breaches

6. Appendix A - Data Processing Instructions: Detailed instructions from controller regarding data processing activities

7. Appendix B - Compliance Checklist: Checklist ensuring compliance with UAE data protection requirements

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Applicable Data Protection Law
Approved Sub-processor
Confidential Information
Controller
Cross-border Transfer
Data Breach
Data Protection Authority
Data Protection Impact Assessment
Data Protection Officer
Data Subject
International Organization
Personal Data
Processing
Processor
Professional Services
Regulatory Authority
Sensitive Personal Data
Services Agreement
Sub-processor
Supervisory Authority
Technical Measures
Organizational Measures
Third Country
Third Party
Transfer Mechanism
UAE Personal Data
Processing Instructions
Security Measures
Breach Notification
Data Subject Rights
Compliance Documentation
Processing Record
Data Minimization
Purpose Limitation
Storage Limitation
Jurisdiction
Governing Law
Consent
Data Accuracy
Authorized Person
Material Change
Technical Safeguards
Security Controls
Audit Trail
Data Protection Laws
Processing Location
Relevant Industries

Financial Services

Healthcare

Technology

E-commerce

Education

Telecommunications

Professional Services

Real Estate

Hospitality

Manufacturing

Retail

Insurance

Transportation and Logistics

Media and Entertainment

Relevant Teams

Legal

Compliance

Information Technology

Information Security

Risk Management

Operations

Data Protection

Privacy

Procurement

Vendor Management

Corporate Governance

Internal Audit

Commercial

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Legal Counsel

Compliance Manager

Information Security Manager

IT Director

Risk Manager

Operations Manager

Contract Manager

Chief Technology Officer

Chief Information Security Officer

Privacy Analyst

General Counsel

Commercial Director

Chief Operating Officer

Industries
Federal Decree-Law No. 45/2021: The UAE's first comprehensive federal data protection law, establishing requirements for processing personal data, data subject rights, and obligations of data controllers/processors
DIFC Law No. 5 of 2020: Data Protection Law applicable in Dubai International Financial Centre, closely aligned with GDPR principles and establishing specific requirements for companies operating in DIFC
ADGM Data Protection Regulations 2021: Abu Dhabi Global Market's data protection framework, establishing requirements for organizations operating within ADGM
UAE Federal Law No. 2 of 2019: Concerning the Use of Information and Communication Technology in Healthcare Fields, setting specific requirements for health data protection
SCA Decision No. (21/R.M) of 2020: Securities and Commodities Authority decision regarding data protection in financial services
UAE Cyber Crime Law (Federal Decree-Law No. 5 of 2012): Provides legal framework for cybersecurity and data protection violations, including penalties for unauthorized data access or disclosure
TDRA Data Protection Regulations: Telecommunications and Digital Government Regulatory Authority's requirements for data protection in the telecommunications sector
Central Bank Regulations: Various circulars and regulations related to data protection in the banking and financial services sector
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Agreement

A UAE law-compliant agreement establishing responsibilities and obligations between parties jointly controlling personal data processing activities.

find out more

Data Processing Addendum

A UAE law-compliant agreement establishing terms for personal data processing between controllers and processors under Federal Decree Law No. 45 of 2021.

find out more

Data Sharing Agreement Controller To Processor

UAE-law governed agreement establishing terms for processing personal data between a Controller and Processor, compliant with Federal Decree-Law No. 45/2021.

find out more

Controller To Controller Data Processing Agreement

UAE-law governed agreement establishing data sharing arrangements between two independent data controllers, compliant with Federal Decree Law No. 45 of 2021.

find out more

Intercompany Data Processing Agreement

UAE-law governed agreement regulating personal data processing between affiliated companies, ensuring compliance with UAE Federal Decree Law No. 45 of 2021.

find out more

Controller To Controller DPA

UAE-governed Controller to Controller DPA establishing framework for personal data sharing between independent controllers under Federal Decree-Law No. 45/2021.

find out more

DPA Agreement

UAE-compliant Data Processing Agreement establishing terms for personal data processing between controller and processor under Federal Decree-Law No. 45/2021.

find out more

Third Party Data Processing Agreement

UAE-law governed agreement regulating personal data processing activities between a controller and processor, compliant with Federal Decree Law No. 45 of 2021.

find out more

Personal Data Transfer Agreement

UAE-compliant agreement template for cross-border personal data transfers, aligned with Federal Decree-Law No. 45/2021 and free zone regulations.

find out more

Controller Processor Agreement

A UAE-compliant agreement governing data processing activities between controllers and processors under Federal Decree-Law No. 45/2021.

find out more

Affiliate Addendum

UAE-governed addendum defining affiliate marketing relationships, commission structures, and compliance requirements under UAE law.

find out more

Data Privacy Addendum

A legal addendum ensuring compliance with UAE data protection laws and regulations, establishing data processing rights and obligations between parties.

find out more

Sub Processing Agreement

UAE-governed Sub Processing Agreement establishing terms for outsourced data processing activities in compliance with UAE Federal Decree Law No. 45 of 2021.

find out more

International Data Transfer Agreement

UAE-compliant International Data Transfer Agreement governing cross-border personal data transfers under Federal Decree-Law No. 45/2021.

find out more

Data Protection Addendum

A legal addendum ensuring compliance with UAE federal and free zone data protection laws, establishing data processing rights and obligations between parties.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.