You are hereHome SectorsServices
Why GDPR could spell greater data privacy in the Middle East
Source: Thomas Dean , Author: Thomas Dean
Posted: Wed February 7, 2018 11:30 am

UAE. From May 25th of this year, a new EU directive called the General Data Protection Regulation is due to be introduced across all EU states.

As the name suggests, it’s concerned with protecting the individual data of all EU citizens, something that has been identified as a fundamental human right and, therefore, is being treated with all the seriousness this deserves.

"Cloud Security - Secure Data - Cyber Sec" (CC BY-SA 2.0) by perspec_photo88

This is also reflected in the penalties for failing to comply, which could potentially be as high as 4% of an offending organisation’s annual revenue or 20 million euros, depending on circumstances.

The kinds of breaches that the regulation covers include failing to keep customers details safe as well as making it obligatory to report any data breaches as soon as possible after they occur. It also covers a far wider range of personal information than ever before, including IP addresses, device IDs and location data. It even goes as far as protecting an individual’s genetic and biometric information.

While this is a Europe-wide initiative, the GDPR could also have major ramifications for countries in the Middle East as any business that has dealings with EU countries, or holds any data concerning EU citizens, will have to comply and will face the same sanctions if they fail to do so.

As different countries in the region have their own data protection protocols, some stricter than others, it won’t be a question of a “one size fits all” solution and each country would do well to seek some clarity on GDPR if they are to make themselves truly compliant.

There will be a number of requirements to achieve compliance including these principal ones:
 
-  Any organisation based in the Middle East that processes the data of EU citizens will need to designate a representative in the EU.
-  Data breaches must be notified within 72 hours of them occurring and affected individuals may also have to be notified.
-  Privacy-by-design will be the obligatory approach so, for example, before any high-risk data processing is carried out, a privacy impact assessment will have to be done and any identified risks will need to be mitigated.
-  Any organisation that carries out high volumes of processing using sensitive data will have to appoint an official Data Protection Officer.
-  People whose data is on file will need to have the right to have all records of them erased and the data holders will have to ensure that they can do this.

Doha - Qatar Skyline (CC BY-SA 2.0) by jikatu

Some countries have already taken great strides towards compliance. For example, in 2016, Qatar brought its own Data Privacy and Protection Law into force and others have also taken strides towards tightening up their rules.

For instance, the governmental body of the Dubai International Financial Centre has also recently enforced a new privacy policy, although it still falls some way short of the requirements of the GDPR.

So these next few months will certainly be a challenging time for all Middle Eastern organisations who aim to trade with Europe. But the result will hopefully be a more secure world for individuals and businesses at a time when data attacks and breaches are undoubtedly on the increase all across the globe.

Inset photo: For illustrative purposes only. (File photo)

 

MIDDLE EAST BUSINESS COMMENT & ANALYSIS

date:Posted: May 23, 2018
UAE. Transformational reform is playing its part in stimulating the deal market across the region according to PwC Middle East's new report "TransAct ME - Deals trends and outlook for the Middle East" published today.
date:Posted: May 22, 2018
UAE. Cyber-criminals are turning their attention to the supply chain as a new means to exploit business data.
date:Posted: May 21, 2018
UAE. A new defence is being developed that will allow companies to tackle the latest threats as soon as they appear on the network; Machine learning enables AI to detect patterns in all sorts of data sources and create behaviours based on recognized patterns.
dhgate