AP Group is pleased to confirm full compliance with the amended Dubai International Financial Centre (DIFC) Data Protection Law, which came into effect on 15 July 2025. These legislative updates, introduced under the DIFC Law Amendment Law No. 2 of 2024, further strengthen the Centre’s data privacy framework and align it more closely with global best practices.
As a trusted global provider of payroll, HR, and recruitment solutions, AP Group has long upheld a rigorous data governance framework that is already consistent with the evolving standards found across the European Union, United Kingdom, Channel Islands, and Switzerland. Our policies and practices have been shaped by decades of operating in highly regulated jurisdictions, and we welcome the DIFC’s enhancements as a constructive step toward greater international harmonisation.
The recent amendments to the DIFC law introduce a more expansive jurisdictional reach, including provisions that now apply to organisations outside the DIFC that offer services to, or monitor the behaviour of, individuals within the Centre. This brings the DIFC regime into closer alignment with data protection systems in Europe and the UK, where extraterritorial applicability has long been a recognised standard.
Another key change is the strengthening of cross-border data transfer requirements. The amended law introduces more detailed conditions for transferring personal data internationally, requiring organisations to assess the adequacy of the receiving jurisdiction and implement appropriate safeguards. These provisions are closely aligned with the expectations of the EU and UK frameworks, as well as the Swiss Federal Act on Data Protection, all of which place a strong emphasis on secure international transfers.
The updates also include enhanced rights for individuals, including the right to bring legal claims directly before the DIFC Courts in cases where their data privacy rights have been breached. This legal remedy mechanism is consistent with the broader global trend of empowering individuals to take direct action to protect their personal information.
At AP Group, these developments do not require any fundamental changes to our operations. We have long incorporated measures such as privacy risk assessments, transparent privacy notices, and internal compliance controls. Our data transfer procedures already follow recognised international standards, and we continue to review our practices regularly to ensure they meet the evolving legal landscape in every jurisdiction in which we operate.
Clients and candidates working with AP Group—whether from London, Geneva, Jersey, Guernsey, or Dubai—can be confident that their personal data is being managed lawfully, securely, and ethically. Our internal compliance structure supports robust governance, and our team receives ongoing training to ensure everyone plays a role in protecting the integrity of the data we hold.
We are committed to maintaining the highest standards of compliance and data protection. The amended DIFC Data Protection Law represents a positive step in international data regulation, and AP Group is proud to already meet its obligations.
