• PART I PART I General provisions

    • 1. Subject-matter and objectives

      (1) The objects of these Regulations are
      (a) to promote the protection of individuals’ Personal Data;
      (b) to recognise that the right to the protection of Personal Data is not an absolute right; it must be considered in relation to its function and balanced against other rights;
      (c) to provide the basis for consistent regulation and Processing of Personal Data within ADGM;
      (d) to promote lawful, fair and transparent Processing of Personal Data;
      (e) to establish the primary responsibility and liability of the Controller for any processing of personal data carried out by the Controller or on the Controller’s behalf;
      (f) to facilitate the transfer of Personal Data across borders while ensuring that the rights of individuals are respected;
      (g) to provide a means for individuals to complain about an alleged infringement of their rights relating to their Personal Data and to receive an effective judicial remedy; and
      (h) to implement ADGM’s international commitments in relation to the Processing of Personal Data.

    • 2. Material scope

      (1) These Regulations apply to the Processing of Personal Data wholly or partly by automated means and to the Processing other than by automated means of Personal Data which forms part of a Filing System or is intended to form part of a Filing System. Files or sets of files, as well as their cover pages, which are not structured according to specific criteria do not fall within the scope of these Regulations.
      (2) These Regulations do not apply to the Processing of Personal Data:
      (a) by a natural person for the purposes of purely personal or household activity; or
      (b) by public authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to national security.

    • 3. Territorial scope

      (1) These Regulations apply to the Processing of Personal Data in the context of the activities of an Establishment of a Controller or a Processor in ADGM, regardless of whether the Processing takes place in ADGM or not.
      (2) Where the Processor is Processing Personal Data for a Controller outside of ADGM, the Processor must comply with the requirements of these Regulations to the extent possible, taking into account whether the Controller is subject to similar obligations under the laws of its home jurisdiction.
      (3) These Regulations apply to natural persons whatever their nationality or place of residence.