United Arab Emirates: DIFC publishes Guidance on Retention and Storage of Personal Data

On 8 July 2022, the Dubai International Finance Center published its "Guidance on Retention and Storage of Personal Data". The outline aims to support individuals, organizations, and businesses in understanding the regulatory foundation of data governance, storage, and retention. The outline is based on Articles 9 and 14 of the Data Protection Law (5/2020) and emphasizes that data retention and storage are based on the data minimisation principle and must follow specific, case-by-case requirements. Any personal data whose retention is deemed as "excessive" needs to be deleted or archived. Personal data may be kept for future use only on the basis of a "foreseeable contingency". When personal data is stored, the DIFC requires organizations and businesses to keep continuously compliant with the Data Protection Law.