What is the UAE Cabinet Resolution No. 21 of 2013?
The resolution is aimed at managing the data security environment in Dubai’s public sector. It provides a legal framework for information security and compels IT departments to enforce security policies to protect their critical data and control its use and movement.
Who is Required to Comply?
All federal entities within the UAE including ministries, public corporations, institutions, and public bodies are legally required to enforce Information Security policies since the introduction of the UAE Cabinet Resolution No. 21 of 2013.
Every federal employee is legally liable for non-compliance with the Resolution and is required to sign an acknowledgment to this effect. Failure to comply could mean fines or even imprisonment for employees.
The Resolution expressly states that "every User (who) violates the provisions of this Regulation shall be punished according to the disciplinary sanctions set forth in the human resources laws and regulations applied in the FE he/she works for," meaning that as well as fiscal sanctions or imprisonment, employees found not to be complying with the Resolution are subject to internal disciplinary regulations and penalties set by their employers.
The Resolution places personal responsibility firmly on the shoulders of Federal employees, requiring federal entities to demand employee classification of all data assets.
Fortra DLP Can Help You Comply with UAE Regulations
Fortra’s Digital Guardian assists organizations in achieving compliance with various UAE data protection and cybersecurity regulations by offering a comprehensive set of data protection tools designed to secure sensitive information and ensure proper handling of data in line with local legal requirements.
