How can the UAE leverage the EU GDPR
To date, the UAE has neither created nor published unified data protection guidance. However, the Emirates of Dubai and Abu Dhabi each have their own “data protection” or privacy requirements. Two data protection regulatory regimes apply specifically to the Financial Services Free Zones: the Dubai International Financial Centre (DIFC) and the Abu Dhabi Global Market (ADGM). These, however, apply only to organisations operating in the two Free Zones. Case in point:
What are some of the benefits that the UAE can leverage since the inception of the GDPR?
First, it is worth noting that the GDPR has brought significant changes to organizations’ data collection, storage, processing and disposal procedures. Secondly, we have seen more responsibility placed on those who store, process and control the data, prompting organizations to take privacy more seriously and put in place the relevant technologies to ensure the data is secure. While the regulation does not give specific directives on how Information Technology environments should be designed (network, computing and storage) (3), it does require organizations to deploy the “right set of technology” to ensure and assure that the data they process is secure. This means that organizations need robust solutions that can, to a certain extent, provide a safe and secure environment for information processing.
What, then, can UAE-based entities extrapolate from the recently enacted GDPR, despite not having endorsed data protection guidance similar to the EU’s GDPR?
Today, throughout Europe, privacy is not only a matter of compliance; it is becoming a marketing and operational advantage for many organisations. Leveraging this competitive edge here in the UAE could give customers additional clarity on the purpose of the data collected, and so assure them that the data will be used solely for its intended purpose. In the EU region, this assurance has put compliant businesses a step ahead of their non-compliant competitors.
Operational efficiencies and performance gains are made through good data privacy and governance practices. One way to accomplish this is to create a data governance framework. Having one in place could ensure that customer information is up to date, accurate and as lean as possible. Although the regulation does not require this, it demonstrates that customer data rights are respected, and it acts as the equivalent of a data cleanse (where data needs to be deleted), which ultimately improves performance and the return on investment in the infrastructure and services procured.
In an age of e-commerce and digital marketing, businesses are likely to have third-party technologies running on their websites or e-commerce platforms without their knowledge. These third parties may not have established or appropriate security controls. This raises concerns such as data leakage and lowered performance of the digital platforms. Therefore, when a business is in a position to monitor and manage its backend operations using security tools and services, it protects itself from possible data leaks; moreover, greater efficiency and less downtime are realized on those platforms.
The significant paradigm change towards “working from home” and online distance learning, especially here in the UAE, brings unique challenges, and organizations must remain mindful of their legal obligations to keep personal data secure. In particular, the GDPR imposes a general obligation upon data controllers and processors to ensure the security of data processing against accidental or unlawful loss, damage, destruction, alteration or disclosure (4).
To realise these significant advantages for your organisation, get in touch with our consultants at Digital14.com/protect, and we shall guide you on ensuring that your organisation is at the forefront of having a secure cyberspace. We’d love to hear from you!
(1) The General Data Protection Regulation 2016/679 is a regulation in European Union law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and the EEA areas. Implementation date: 25 May 2018.
(2) GDPR Principles, General Provisions, Articles 4 – Definitions
(3) https://www.quora.com/What-is-IT-infrastructure-and-what-are-its-components - Computer hardware platforms
(4) Chapter 4 Controller and processor