The biggest shake up in data privacy will come into effect in the EU from Friday, with many in the UAE also likely to be affected by the changes.
New General Data Protection Regulation rules will mean companies must put privacy at the centre of all new applications and processes under EU law.
In the wake of a series of data sharing scandals in the online world, many businesses here will also have to change the way they operate as a result of GDPR rules. This is what we know:
How will this affect UAE consumers?
- The regulations cover data protection and privacy for everyone in the European Union, European Economic Area, those travelling to the continent or doing business there.
- From May 25, consumers will be asked to provide explicit, affirmative consent for their personal data to be used and processed.
- Consumers will now have the right to ask for access to their data to be rectified or deleted.
- The new regulation will affect every organisation across the globe that wants to do business with an individual or EU company.
Why is this happening now?
New rules were required to keep up with the huge amount of digital data being created. Also, a series of scandals over data sharing without consent raised questions in recent months of how secure our information online. The most famous case involved Cambridge Analytica, who were accused of using the data of more than 87 million Facebook users without consent.
The information was allegedly used inappropriately to influence voter opinion during global elections.
“Recent headlines have shown organizations need to do more to safeguard the data of private individuals,” said Giampiero Nanni, EMEA Government Affairs at cyber security specialists Symantec.
”We’ve seen mega breaches resulting in the theft of consumers’ personal information, which can then be used to commit identity and financial fraud.”
What will change?
The GDPR will sweep away the EU’s outdated privacy legislation and harmonise how data is processed and handled across the region.
The new regulation will affect every organisation across the globe that wants to trade with the EU.
Failure to report data breaches will also now carry substantial financial penalties of upto €20 million or four per cent of annual turnover, whichever is greater.
Data controllers will have to immediately notify consumers about the risks and measures taken to mitigate any data breaches, such as changing passwords or cancelling credit cards.
What are businesses in the UAE doing about GDPR?
The changes have been in the pipeline for some time, but may still be a wake-up call for some.
Any business looking to trade with Europe will need to change the way it operates and abide by the new EU data sharing regulations, or face hefty fines.
“The principles set out in GDPR are prescribed at a fairly high level,” said Jeroen Schlosser, managing director of data centre provider Equinix MENA
“This, combined with the fact that compliance is rarely black and white, means enterprises must interpret what those GDPR requirements mean for them, and do their own risk assessment and analysis.”
Ahmed Sousa, regional manager at Solutions Architect, MEA & Turkey, Polycom, said businesses must show they’ve got the technology to support these new policies.
“In order to comply properly with the new regulations, companies in the enterprise tech space must demonstrate that they can put the right processes and policies in place to offer exceptional data security,” he said.