Administrative Resolution No. (19) of 2022

Approving the Requirements and Procedures for

Issuing Permits to Access the Central Register of

Employees of the Government of Dubai[1]

ـــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــ

The Director General of the Dubai Government Human Resources Department,

After perusal of:

Law No. (31) of 2009 Establishing the Dubai Government Human Resources Department and its amendments;

Law (2) of 2016 Establishing the Dubai Data Establishment and its amendments;

Law No. (1) of 2021 Establishing the Dubai Digital Authority; and

Executive Council Resolution No. (25) of 2020 Concerning the Central Register of Employees of the Government of Dubai and its amendments,

Does hereby issue this Resolution.

Definitions

Article (1)

The following words and expressions, wherever mentioned in this Resolution, will have the meaning indicated opposite each of them unless the context implies otherwise:

Emirate:

The Emirate of Dubai.

Government:

The Government of Dubai.

DGHR:

The Dubai Government Human Resources Department.

DDE:

The Dubai Data Establishment.

Government Entity:

Any of the Government departments, public agencies or corporations, councils, authorities, or other public entities affiliated to the Government.

Register:

The Central Register of Employees of the Government of Dubai established pursuant to the above-mentioned Executive Council Resolution No. (25) of 2020.

Data:

A collection of organised or unorganised information, facts, concepts, instructions, observations, or measurements, in the form of numbers, letters, symbols, or images, or in any other form, that are collected, produced, or processed by Government Entities. This includes any information.

Permit:

An approval issued by the DGHR authorising a Government Entity, an individual, or any other entity to access the Data of Employees in the Register.

Requirements for Issuing Permits

Article (2)

The issuance of a Permit will be subject to the following requirements:

1.    The names and Data of the applicant entity employees who will use the Register must be provided.

2.    A confidentiality and non-disclosure undertaking in respect of the Data of the Register, on the form prescribed by the DGHR for this purpose, must be signed.

3.    The Data requested to be accessed must be available in the Register.

4.    The grounds supporting the application for the Permit to access the Register must be provided.

5.    The Data to be accessed in the Register must be relevant to the activities and work of the entity applying for the Permit.

6.    The persons and entities with whom the Data of the Register will be shared, if any, must be specified.

7.    The period during which the Register will be accessed must be specified.

Procedures for Obtaining Permits

Article (3)

The procedures for obtaining a Permit will be as follows:

1.    An application for the Permit must be submitted, together with the required supporting documents and information, through the Dubai Pulse Platform hosted by the Dubai Digital Authority.

2.    The DGHR will, in coordination with the DDE, consider the Permit application and verify that it meets all relevant requirements and that it is accompanied by all required documents.

3.    The DGHR will determine the Permit application within ten (10) working days from the date of its submission. Where required, this time frame may be extended.

4.    Where the Permit application is rejected, the DGHR will notify the applicant of the reasons for rejection.

5.    Where the application is approved, the DGHR will issue the applicant with the Permit and will determine the rules for accessing the Register by the Permit holder.

Obligations of Permit Holders

Article (4)

A Permit holder must:

1.    comply with the Data protection and security legislation in force in the Emirate; 

2.    use the Data in the Register for the purpose stipulated in the Permit;

3.    maintain the confidentiality of the Data in the Register and refrain from sharing it with others;

4.    comply with the methods of sharing the Data in the Register as prescribed by the DGHR in this respect;

5.    where the Permit is issued to the applicant entity for research purposes, process the Data in the Register in a manner that does not disclose the identity of individuals; and destroy any preliminary Data that may lead to such disclosure;

6.    maintain the level of sensitivity and confidentiality of the Data in the Register as prescribed in the Permit;

7.    satisfy all technical and regulatory requirements for protecting the Data in the Register; and

8.    immediately notify the DGHR and the DDE in case of any emergency that requires replacing the person authorised by the Permit holder to access the Data in the Register, or where an error that may affect the quality of Data in the Register is discovered.

Revocation of Permits

Article (5)

The DGHR my revoke a Permit in any of the following cases:

1.    using the Data in the Register for other than the purpose stipulated in the Permit;

2.    failure to maintain the confidentiality of the Data in the Register; or

3.    failure to comply with any of the obligations stipulated in this Resolution.

Publication and Commencement

Article (6)

This Resolution will be published in the Official Gazette and will come into force on the day on which it is published.

Abdullah Ali bin Zayed Al Falasi

Director General

Dubai Government Human Resources Department

Issued in Dubai on 13 May 2022  

Corresponding to 12 Shawwal 1443 A.H.  

 


©2022 The Supreme Legislation Committee in the Emirate of Dubai

[1]Every effort has been made to produce an accurate and complete English version of this legislation. However, for the purpose of its interpretation and application, reference must be made to the original Arabic text. In case of conflict, the Arabic text will prevail.