Book a demo Log in / Sign up

Personal Information Consent Form Template for the United Arab Emirates

Generate a bespoke document

  • England and Wales
  • Scotland
  • Northern Ireland
  • Ireland
  • United States
  • Alabama (USA)
  • Alaska (USA)
  • Arizona (USA)
  • Arkansas (USA)
  • California (USA)
  • Colorado (USA)
  • Connecticut (USA)
  • Delaware (USA)
  • Florida (USA)
  • Georgia (USA)
  • Hawaii (USA)
  • Idaho (USA)
  • Illinois (USA)
  • Indiana (USA)
  • Iowa (USA)
  • Kansas (USA)
  • Kentucky (USA)
  • Louisiana (USA)
  • Maine (USA)
  • Maryland (USA)
  • Massachusetts (USA)
  • Michigan (USA)
  • Minnesota (USA)
  • Mississippi (USA)
  • Missouri (USA)
  • Montana (USA)
  • Nebraska (USA)
  • Nevada (USA)
  • New Hampshire (USA)
  • New Jersey (USA)
  • New Mexico (USA)
  • New York (USA)
  • North Carolina (USA)
  • North Dakota (USA)
  • Ohio (USA)
  • Oklahoma (USA)
  • Oregon (USA)
  • Pennsylvania (USA)
  • Rhode Island (USA)
  • South Carolina (USA)
  • South Dakota (USA)
  • Tennessee (USA)
  • Texas (USA)
  • Utah (USA)
  • Vermont (USA)
  • Virginia (USA)
  • Washington (USA)
  • West Virginia (USA)
  • Wisconsin (USA)
  • Wyoming (USA)
  • Austria
  • Denmark
  • France
  • Germany
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Australia
  • New Zealand
  • Singapore
  • Hong Kong
  • India
  • Malaysia
  • Pakistan
  • United Arab Emirates
  • Qatar
  • Saudi Arabia
  • South Africa
  • Nigeria
  • Canada
  • Brasil
  • Monaco
  • Bermuda
  • Cayman Islands
  • Gibraltar
  • Isle of Man
  • Mauritius

What is a Personal Information Consent Form?

The Personal Information Consent Form Template is essential for organizations operating in the UAE to properly document and obtain consent for personal data processing activities. This template becomes necessary whenever an organization collects, processes, or stores personal information from individuals, whether they are customers, employees, or other stakeholders. The document ensures compliance with UAE Federal Decree Law No. 45 of 2021, which mandates explicit consent for data processing activities. It includes comprehensive sections covering data collection purposes, processing activities, individual rights, and withdrawal mechanisms, while accommodating specific requirements for different emirates and free zones. The template is designed to be customizable for various sectors while maintaining compliance with UAE data protection regulations.

Frequently Asked Questions

Is a Personal Information Consent Form legally binding in the UAE?

Yes, a properly executed Personal Information Consent Form is legally binding in the UAE under Federal Decree Law No. 45 of 2021. The form creates enforceable obligations for both the data controller and the individual, provided it meets the law's requirements for explicit, informed, and freely given consent.

Can my organization be penalized if we don't have proper consent forms in the UAE?

Yes, operating without valid consent forms can result in severe penalties under UAE Federal Decree Law No. 45 of 2021. Organizations may face fines between AED 500,000 to AED 2 million, depending on the violation's severity. The UAE Data Protection Office has authority to impose these sanctions and may also order cessation of data processing activities.

How long should we retain Personal Information Consent Forms in the UAE?

UAE Federal Decree Law No. 45 of 2021 requires organizations to retain consent records for the duration of data processing plus a reasonable period afterward. Best practice is to keep consent forms for at least 7 years after the consent expires or data processing ends, as this aligns with general UAE commercial record-keeping requirements.

How is a Personal Information Consent Form different from a Privacy Policy in the UAE?

A Personal Information Consent Form specifically captures an individual's agreement to data processing for particular purposes, while a Privacy Policy is a general disclosure document explaining data practices. Under UAE law, both are required - the consent form provides the legal basis for processing, while the privacy policy fulfills transparency obligations.

How quickly can I create a compliant Personal Information Consent Form for UAE operations?

A basic consent form can be drafted in 2-4 hours using templates, but ensuring full UAE compliance typically takes 1-2 weeks. This includes reviewing your specific data processing activities, incorporating Federal Decree Law No. 45 requirements, and potentially obtaining legal review to avoid costly compliance issues.

Common mistakes organizations make with consent forms in the UAE?

The most frequent errors include using overly broad consent language, bundling consent with other terms, failing to specify data processing purposes clearly, and not providing easy withdrawal mechanisms. Many organizations also forget to translate forms into Arabic when required and fail to update consent when processing purposes change.

Must Personal Information Consent Forms be in Arabic in the UAE?

While UAE Federal Decree Law No. 45 of 2021 doesn't explicitly mandate Arabic language, UAE consumer protection laws generally require contracts affecting UAE residents to be available in Arabic. For safety and enforceability, consent forms should be provided in both Arabic and English, with Arabic taking precedence in case of disputes.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

LinkedIn

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

LinkedIn

Jurisdiction

United Arab Emirates

Reviewed by

Swetha Meenal & Imad Mohammed Nazar

Publisher

GenieAI

Category

Consent Form

Sector

Business

Cost

Free to use

Last updated

About the Personal Information Consent Form

When your organization collects personal information from individuals in the United Arab Emirates, you need a legally compliant consent form that meets federal data protection requirements. The Personal Information Consent Form serves as your legal foundation for processing personal data, ensuring you obtain explicit, informed consent from data subjects before handling their information. This document is essential for demonstrating compliance with UAE Federal Decree Law No. 45 of 2021 and protecting your organization from regulatory penalties.

When do you need this document?

You require a Personal Information Consent Form whenever your organization collects personal data from customers, employees, or any individuals within the UAE. This includes situations such as customer registration processes, employee onboarding, marketing campaigns, service delivery, or research activities. The form becomes particularly crucial when processing sensitive personal data categories like health information, financial records, or biometric data. Organizations operating across multiple emirates or within free zones like DIFC or ADGM must ensure their consent forms address specific jurisdictional requirements. You also need updated consent forms when expanding data processing activities or sharing information with third-party processors.

Key legal considerations

Your consent form must demonstrate that individuals understand exactly what personal data you collect, how you process it, and their rights regarding that information. The consent must be freely given, specific, informed, and unambiguous under UAE law. You must clearly explain the purpose of data collection, specify data categories being processed, identify any third parties who will access the information, and outline data retention periods. The form should include withdrawal mechanisms, allowing individuals to revoke consent at any time. You must also address cross-border data transfers if your organization shares information internationally. Additionally, ensure your form accommodates special consent requirements for minors, requiring parental or guardian approval for individuals under 21 years of age.

Legal requirements in United Arab Emirates

Federal Decree Law No. 45 of 2021 establishes comprehensive data protection obligations that your consent form must address. The law requires explicit consent for all personal data processing activities, with enhanced protections for sensitive data categories. Your form must comply with transparency obligations, providing clear information about data controllers, processing purposes, and legal bases for processing. If your organization operates within the Dubai International Financial Centre, you must also comply with DIFC Data Protection Law No. 5 of 2020, which imposes additional consent requirements. Similarly, Abu Dhabi Global Market entities must adhere to ADGM Data Protection Regulations 2021. The UAE Constitution Article 31 further reinforces privacy rights that your consent mechanisms must respect. Failure to obtain proper consent can result in administrative fines up to AED 2 million and operational restrictions, making compliant consent forms essential for business continuity.

GOVERNING LAW

Applicable law

This Personal Information Consent Form is drafted to comply with United Arab Emirates law. Key legislation includes:

Federal Decree Law No. 45 of 2021: The UAE's primary federal data protection law that establishes the framework for personal data protection, including requirements for consent, data processing, and individual rights
UAE Constitution, Article 31: Establishes the fundamental right to privacy of communications and personal information
UAE Federal Law No. 5 of 2012 on Combating Cybercrimes: Contains provisions relating to privacy violations and unauthorized processing of personal data in electronic form
DIFC Data Protection Law No. 5 of 2020: Specific data protection regulations for the Dubai International Financial Centre, relevant if the organization operates within the DIFC
ADGM Data Protection Regulations 2021: Abu Dhabi Global Market's data protection regulations, applicable if operating within the ADGM
UAE Consumer Protection Law (Federal Law No. 15 of 2020): Contains provisions relating to consumer privacy and data protection in commercial transactions
UAE Healthcare Data Protection Guidelines: Specific regulations governing the protection of health-related personal data in the UAE healthcare sector
UAE Central Bank Consumer Protection Regulation: Contains specific requirements for handling personal financial data in the banking sector

Explore 208,390+ legal templates

Explore 208,390+ legal templates

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it