What does EU’s GDPR mean for the UAE?
The introduction of the EU’s General Data Protection Regulation (GDPR) is less than two months away, on May 25.
The regulation will replace all current data protection laws in every European Union country, with the view to strengthening and normalizing data protection for individuals across the EU.
It will also address the export of personal data outside the EU, and this is where entities are operating outside of Union, like those working in the UAE, will be affected.
Looking to move?: Abu Dhabi property prices report reveals “Mixed Trends”
It stipulates that if an organization based outside Europe is processing personal data related to data subjects in the EU, that organization may be subject to compliance with the regulation. Companies in the UAE – and elsewhere in the world – may potentially be impacted by the GDPR if they offer products to individuals within the EU.
As such, international business partners in specific verticals such as financial services are already starting to mandate compliance with GDPR standards through contractual terms, and EU consumer expectations around privacy are higher than ever.
The introduction of the GDPR will bring with it a heightened compliance standard for organizations that handle personal data and heavy sanctions for non- compliance.
An entity outside of the EU is defined as a “data controller” given its use of equipment within Europe for the processing of EU citizen personal data.
Compliance with the regulation would require it to notify the relevant supervisory authority of a personal data security breach within 72 hours of becoming aware of such violation, where feasible.
The entities may also be required to inform the affected individuals where the incident could cause them serious harm. The GDPR is an attempt to institute guidelines that better fit modern digitized society.
Cybersecurity threats continue to grow
There are massive increases in malware and vulnerabilities in “things” we already know, and this is now worsened by the expansion of new attack surfaces: Internet of Things, smart-everything, mobile, cloud, autonomous vehicles, etc.
Our collective ability to recognize and respond to these problems as a society, as enterprises/entities, or as individuals have not increased or kept pace with the threat actors and risks. This gap is growing at an increasing rate to the negative.
We need to develop machines to take all the data we are generating, to learn from it, and to think faster than we can to anticipate and resolve cyber problems on our behalf – Machine Learning and Artificial Intelligence, supported by adequate regulation, are the keys.
About the author: Eddie Schwartz is Executive Vice-President of Cyber Services at DarkMatter. He may be contacted on Twitter @EddieSchwartz.