Informational only, Not to be considered as final
As with the European Union’s General Data Protection Regulation (GDPR) is fast approaching deadline (May 25, 2018), we would like to share some information
The General Data Protection Regulation(GDPR) is coming into effect on 25th May 2018, and businesses across globe that handle EU citizen’s personal data are contemplating its affects and what they need to do to comply.
Organisations have short time to ensure that their companies policies and processes adhere to the new regulations, and if they don’t, that they are able to change them before the deadline rolls around.
Failure to do so may mean a fine of up to €20 million or 4% of the organization’s global annual turnover (whichever is higher). Depending on a company’s size and structure, the GDPR has the potential of exposing companies to penalties amounting to billions of euros.
Who will need to be compliant?
It’s not simply EU companies that are affected by the GDPR. Organisations outside of the EU must also be compliant if:
- They have branches, representatives or subsidiaries in the EU
- They provide goods or services to EU citizens, even if they have no physical presence within the EU
- They process and analyse EU citizen’s personal data in any way, even if they have no physical presence, or provide no goods or services to the EU
As the European Union and the United Arab Emirates have a substantial trading relationship, it will be important to comply with the GDPR for this to continue.
Why should the UAE care about the GDPR?
Reported in Gemalto’s 2016 Breach Level Index, worldwide data breaches were up by 86% compared to 2015. The UAE alone was up by almost 17% with identity theft accounting for the majority. Data security is becoming much more important to companies who wish to keep their customer’s information safe.
Currently, data protection and privacy differ across Middle Eastern countries. There is no federal data protection law within the UAE, for example. If there are policies in place, they are localised for individuals and organisations, and are often very general.
Some parts of the UAE operate as “economic free zones”, which have “independent privacy regimes” such as the Dubai International Finance Centre (DIFC). But changes are already set to occur to generate harmonization with the GDPR and to toughen the policies currently in place.
According to Dr. Jassim Haji, Director of IT at Gulf Air, the GDPR could even “serve as a catalyst for nations in the [Middle Eastern] region to enforce stronger privacy protections”. It is currently not mandatory to disclose breaches either, and so the GDPR will also help to close the gap in this respect too.
Is your business going to be affected by the GDPR?
GDPR applies to all companies within the EU that handle personal data but also to organisations outside of the EU that offer goods or services to individuals in the EU or monitor the behavior of individuals in the EU.
(A informational flowchart representation for better understanding)
If you DO NOT WANT to be affected, then you must determine how your business will need to change so that it doesn’t deal with EU citizen’s personal data, such as making it clear your company’s website/app is not intended for EU citizens. Make use of Geo-blocking technology where access to your content is restricted based on geographical location.
If you ACCEPT you’re going to be affected, start looking at the necessary steps you will have to take to comply.
For more details, information you may please refer – https://www.eugdpr.org