| 1. |
VASPs must comply with all applicable data protection and data privacy requirements in all relevant jurisdiction[s] as follows—
|
| |
a. |
within the UAE, including the PDPL and any sectoral or free zone laws and regulations that may apply to the VASP; and |
| |
b. |
any data protection laws outside of the UAE that may apply to the VASP’s activities wheresoever conducted.
|
| 2. |
Compliance with all applicable data protection and data privacy requirements under Rule II.A.1 of this Technology and Information Rulebook shall include, but not be limited to, where data may be stored or located and how such data is transferred.
|