Gulf companies risk hefty fines if not compliant with European Union's GDPR

If an organisation based outside Europe is processing personal data related to data subjects in the UAE, they may be subject to compliance within the regulations
Gulf companies risk hefty fines if not compliant with European Union's GDPR
ICAEW Middle East regional director Michael Armstrong.
By Bernd Debusmann Jr
Mon 16 Jul 2018 11:41 AM

The many GCC businesses that still are not in compliance with the European Union’s General Data Protection Regulation (GDPR) must act immediately or risk hefty fines, according to the Institute of Chartered Accountants in England and Wales (ICAEW).

While the law is primarily designed to ensure data and protection and privacy for people living in the EU and the European Economic Area (EAA), it also addresses the export of personal data to companies and jurisdictions abroad.

In a statement, the ICAEW noted the GDPR is a “complex process” that requires businesses around the wold to strengthen the personal data of EU citizens.

If an organisation based outside Europe is processing personal data related to data subjects in the UAE, they may be subject to compliance within the regulations, meaning that companies in the GCC and elsewhere may potentially be impacted by the GDPR.

“Many of the GCC organisations still don’t know if GDPR affects them or if they are GDPR compliant,” said ICAEW Middle East regional director Michael Armstrong.

“With the introduction of the EU’s GDPR law on the 25th of May 2018, organisations all over the world had to adhere to much heightened compliance standards with the way they handle personal data.”

Armstrong added that “regional leaders and businesses outside the EU must be proactive and raise awareness of the fact that they may be affected.”

To help facilitate compliance, ICAEW has published a ‘GDPR checklist’, which begins with the appointment of someone senior to oversee the process and a review of existing information and cyber security procedures, as well as the implementation of any necessary update.

ICAEW also suggests that companies map their data, review contracts with clients, suppliers and employees, draft data protection policies and procedures and train staff to understand data protection issues, even if they don’t understand the GDPR in its entirety.

For all the latest tech news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.

Subscribe to our Newsletter

Subscribe to Arabian Business' newsletter to receive the latest breaking news and business stories in Dubai,the UAE and the GCC straight to your inbox.