Imagine a checklist of everything PDPL requires your company to do. This page compares that checklist against what you've actually done so far. Every item you haven't addressed shows up as a 'gap' with a recommended fix. Higher-priority gaps get flagged first — start with those.
PDPL Gap Analysis
Automated analysis comparing your company's current state against UAE PDPL requirements.
Compliance Score
0.0%
Total Gaps
5
Critical Gaps
1
High Priority
4
Critical Gaps
Art. 14 - Transparency and Privacy Notice
Current State: No privacy policy published
Recommendation: Create and publish a comprehensive privacy policy that meets PDPL Article 14-15 transparency requirements. Include purposes of processing, data subject rights, and contact details.
High Priority Gaps
Art. 9 - Data Breach Notification to Authority
Current State: No data breach response plan
Recommendation: Develop and implement a data breach response plan as required by PDPL Articles 18-19. Ensure procedures are in place for notification to the UAE Data Office within 72 hours of becoming aware of a breach.
Art. 12 - Records of Processing Activities (ROPA)
Current State: No data retention policy
Recommendation: Establish a data retention policy that defines retention periods for each category of personal data based on the PDPL storage limitation principle (Article 13). Document retention justifications and implement secure deletion procedures.
Art. 5(2) - Valid Consent Requirements
Current State: No consent management mechanism in place
Recommendation: Implement a consent management system to handle consent collection, withdrawal, and records as per PDPL Articles 5-6. Ensure consent is freely given, specific, informed, and unambiguous, with a clear affirmative action.
Art. 9 (Processor) - Processor Obligations
Current State: No data processing agreements (DPAs) in place
Recommendation: Execute data processing agreements with all third-party processors. PDPL Article 9 requires clear written contracts specifying the subject, duration, nature, and purpose of processing, as well as the obligations of both parties.
All Identified Gaps
| Priority | Status | Recommendation |
|---|---|---|
| CRITICAL | No privacy policy published | Create and publish a comprehensive privacy policy that meets PDPL Article 14-15 transparency requirements. Include purposes of processing, data subject rights, and contact details. |
| HIGH | No data breach response plan | Develop and implement a data breach response plan as required by PDPL Articles 18-19. Ensure procedures are in place for notification to the UAE Data Office within 72 hours of becoming aware of a breach. |
| HIGH | No data retention policy | Establish a data retention policy that defines retention periods for each category of personal data based on the PDPL storage limitation principle (Article 13). Document retention justifications and implement secure deletion procedures. |
| HIGH | No consent management mechanism in place | Implement a consent management system to handle consent collection, withdrawal, and records as per PDPL Articles 5-6. Ensure consent is freely given, specific, informed, and unambiguous, with a clear affirmative action. |
| HIGH | No data processing agreements (DPAs) in place | Execute data processing agreements with all third-party processors. PDPL Article 9 requires clear written contracts specifying the subject, duration, nature, and purpose of processing, as well as the obligations of both parties. |