Why GDPR could spell greater data privacy in the Middle East
Source: Thomas Dean, Author: Thomas Dean
Posted: Wed February 7, 2018 11:30 am

UAE. From May 25th of this year, a new EU directive called the General Data Protection Regulation is due to be introduced across all EU states.

As the name suggests, it’s concerned with protecting the individual data of all EU citizens, something that has been identified as a fundamental human right and, therefore, is being treated with all the seriousness this deserves.

"Cloud Security - Secure Data - Cyber Sec" (CC BY-SA 2.0) by perspec_photo88

This is also reflected in the penalties for failing to comply, which could potentially be as high as 4% of an offending organisation’s annual revenue or 20 million euros, depending on circumstances.

The regulation covers failures to keep customers' details safe, and it makes it obligatory to report any data breaches as soon as possible after they occur. It also covers a far wider range of personal information than ever before, including IP addresses, device IDs and location data. It even goes as far as protecting an individual’s genetic and biometric information.

While this is a Europe-wide initiative, the GDPR could also have major ramifications for countries in the Middle East as any business that has dealings with EU countries, or holds any data concerning EU citizens, will have to comply and will face the same sanctions if they fail to do so.

As different countries in the region have their own data protection protocols, some stricter than others, there won’t be a “one size fits all” solution, and each country would do well to seek some clarity on GDPR if it is to make itself truly compliant.

There will be a number of requirements to achieve compliance including these principal ones:
 
-  Any organisation based in the Middle East that processes the data of EU citizens will need to designate a representative in the EU.
-  Data breaches must be notified within 72 hours of them occurring and affected individuals may also have to be notified.
-  Privacy-by-design will be the obligatory approach so, for example, before any high-risk data processing is carried out, a privacy impact assessment will have to be done and any identified risks will need to be mitigated.
-  Any organisation that carries out high volumes of processing using sensitive data will have to appoint an official Data Protection Officer.
-  People whose data is on file will need to have the right to have all records of them erased and the data holders will have to ensure that they can do this.

Doha - Qatar Skyline (CC BY-SA 2.0) by jikatu

Some countries have already taken great strides towards compliance. For example, in 2016, Qatar brought its own Data Privacy and Protection Law into force and others have also taken strides towards tightening up their rules.

For instance, the governmental body of the Dubai International Financial Centre has also recently enforced a new privacy policy, although it still falls some way short of the requirements of the GDPR.

So these next few months will certainly be a challenging time for all Middle Eastern organisations that aim to trade with Europe. But the result will hopefully be a more secure world for individuals and businesses at a time when data attacks and breaches are undoubtedly on the increase all across the globe.
