Yes. The Dubai International Financial Centre ("DIFC") Data Protection Law (DIFC Law No. 5 of 2020, as amended by DIFC Law No. 2 of 2022) is closely aligned with the EU General Data Protection Regulation ("GDPR"). The contractual requirements to be included in an agreement with an outsourced service provider will be similar to those required under Article 28 of the GDPR, including the requirement to stipulate the subject matter and duration of the processing, the nature and purpose of the processing, and the type of personal data and categories of data subjects, as well as commitments to comply with documented instructions from the controller. This is to ensure that persons authorized to conduct processing do so under legally binding agreements or duties of confidentiality, and that they delete or return all personal data at the controller's option once the services have been provided.