What is the UAE Cabinet Resolution No. 21 of 2013?
The resolution is aimed at managing the data security environment in Dubai’s public sector. It provides a legal framework for information security and compels IT departments to enforce security policies to protect their critical data and control its use and movement.
Who is Required to Comply?
All federal entities within the UAE, including ministries, public corporations, institutions, and public bodies, have been legally required to enforce Information Security policies since the introduction of the UAE Cabinet Resolution No. 21 of 2013.
Every federal employee is legally liable for non-compliance with the Resolution and is required to sign an acknowledgment to this effect. Failure to comply could mean fines or even imprisonment for employees.
The Resolution expressly states that "every User (who) violates the provisions of this Regulation shall be punished according to the disciplinary sanctions set forth in the human resources laws and regulations applied in the FE he/she works for," meaning that as well as fiscal sanctions or imprisonment, employees found not to be complying with the Resolution are subject to internal disciplinary regulations and penalties set by their employers.
The Resolution places personal responsibility firmly on the shoulders of Federal employees, requiring federal entities to demand employee classification of all data assets.
Fortra’s Digital Guardian Can Help You Comply with UAE Regulations
Fortra’s Digital Guardian assists organizations in achieving compliance with various UAE data protection and cybersecurity regulations by offering a comprehensive set of data protection tools designed to secure sensitive information and ensure proper handling of data in line with local legal requirements.
Data Loss Prevention (DLP)
Digital Guardian’s DLP features monitor data movements, blocking unauthorized attempts to transfer, share, or access sensitive information, which helps organizations prevent data breaches and ensure regulatory compliance.
Monitoring and Auditing
Digital Guardian continuously monitors all data activities, creating detailed audit logs to track who accessed or interacted with sensitive information. These audit logs are critical for demonstrating compliance during audits or investigations.
Incident Detection and Response
Digital Guardian provides threat detection and automated incident response, allowing organizations to quickly identify and mitigate potential security incidents in line with UAE compliance requirements.
Data Subject Rights Management
Digital Guardian supports compliance with data subject rights by enabling organizations to identify and manage personal data, making it easier to fulfill requests for data access or deletion in line with regulatory mandates.
Policy Enforcement and Automation
Digital Guardian enables organizations to define, automate, and enforce data protection policies across all endpoints and networks, ensuring that sensitive data is consistently handled according to regulatory standards.