10. Notifications to the Registration Authority*
Initial Registration as a Data Controller
10.1 The registration of any data controller residing within Al Maryah Island is mandatory with the Registration Authority. If you are an entity applying to be registered / incorporated in ADGM and will be processing Personal Data, it is therefore essential for you to complete the Data Protection initial registration form and pay the applicable fee. A Data Controller shall establish and maintain records of any Personal Data Processing operations or set of such operations intended to secure a single purpose or several related purposes.
Application for renewal of Registration as a Data Controller
10.2 Registration as a Data Controller is valid for one (1) year and can be renewed annually by submitting an “Application for renewal of registration – Data Protection” via the Registration Authority’s Online Solution available at https://www.registration.adgm.com and by paying the applicable fee. Renewal must be done on every anniversary of the company’s incorporation/registration.
Appointment and Cessation of Data Processor
10.3 A Data Controller must notify the Registration Authority of the appointment or cessation of a Data Processor. This notification can done by completing a Notice of Appointment / Cessation of Data Processor through the Registration Authority’s Online Solution.
Change in Particulars of Data Processor
10.4 A Data Controller must give notice to the Registration Authority of any change in the particulars of Data Processor. Such notice can be done by completing a Notice of Change of Particulars of Data Processor through the Registration Authority’s Online Solution.
Change in business contact details
10.5 A Data Controller must notify the Registration Authority in case of any change in its business contact details, for example the data protection contact person’s name, contact number, email, etc.
Data Breach Notifications within 72 hours
10.6 10.6 An unauthorized intrusion involving Personal Data is serious issue. Organizations must react appropriately when they become aware of breaches involving customer or employee personal information. A Data Controller must notify the Registration Authority in case of any security breach involving Personal Data as soon as possible.
10.7 Breach notifications must be filed electronically via the Registration Authority’s Online Solution available at https://www.registration.adgm.com.
* Section 12 of the ADGM Data Protection Regulations 2015.