KHALEEJ TIMES, Thursday, Jun 28, 2018 | Shawwal 14, 1439
UAE businesses must secure data or risk 20 million euro fine
Emirates:
Data privacy has become
the primary focus of businesses in the UAE following the implementation of the
General Data Protection Regulation (GDPR) in Europe last month. Most firms and
business groups are aware about the sensitivity of the issue and have been
taking necessary measures to ensure compliance with the new regulations, say
experts.
The GDPR, which aims to reduce the effects of data breaches, has been
anticipated to affect 28 million companies worldwide. There is a growing
awareness about GDPR across the UAE and most firms are in the process of
acquiring BS 10012 certification, a specifically designed standard which mirrors
requirements of GDPR. Those who violate GDPR will have to pay heavy fines up to
?20 million.
"The number of Google searches of the term GDPR has increased by 100 per cent in
the past five months. It is rather surprising that GDPR was a relatively unknown
topic in the region up until three months ago," Ali Shabdar, evangelist, Zoho
Corp, said.
For organisations in the Middle East, GDPR represents a significant change as
there is no specific legal framework to ensure data protection across GCC
states. Analysts have warned that businesses in general and the airline and
hospitality sectors in particular should be vigilant about GDPR implications in
the coming months.
"The implementation of the GDPR on May 25 affects both Emirates and dnata, and
we have been preparing for it since August 2017 to ensure full compliance," an
Emirates spokesperson told Khaleej Times.
Scott Manson, cybersecurity lead for Middle East and Africa at Cisco, said the
telecom, insurance, financial services, hospitality, cloud service providers and
businesses using cookies or other means of tracking behaviour should be more
vigilant about GDPR implications.
"Even if a Middle East business does not have an EU presence, but targets or
monitors EU individuals, then it should understand the impact of GDPR and
consider how it will approach compliance," he said.
Barry Scott, chief technology officer for Europe, Middle East and Africa at
Centrify, said GDPR fines can be significant. There are two levels of potential
fine, depending on the seriousness of the offence.
"The first level of fine is up to ?10 million or two per cent of annual global
turnover, whichever is highest. For more serious offences, the fine can be up to
?20 million or four per cent of annual global turnover, whichever is highest,"
Scott said.
Latest data indicates that the UAE has emerged as one of the largest trading
partners of the European Union. The UAE was the seventh largest destination for
EU products in 2017 with total trade amounting to ?52.6 billion.
"The EU is one of the UAE's largest trading partners. This makes it even more
important for companies from the emirates to consider GDPR compliance," Joanne
Fischlin, head of corporate, external and legal affairs, Microsoft Gulf, told Khaleej
Times.
Foreign investments in the EU are worth about 36 per cent of the GDP produced
annually on its territory and they directly support 7.6 million jobs. EU
investments abroad are worth about 46 per cent of the GDP produced annually and
directly support 14.4 million jobs abroad.
"The GDPR is the first of a wave of data protection legislation that we will see
start appearing across different regions, particularly as data subjects - the
people whose data is being collected - become more aware of what is happening in
other parts of the world," Patrick Grillo, senior director, solutions marketing
at Fortinet, said.