To what extent will GDPR affect business across the UAE?
By, Talal Elmakkawi, partner, and Ahmed Elmakkawi, associate, at Apex Juris Advocates & Legal Consultants, Globalaw
Since before the establishment of societal systems humanity has been concerned with privacy, particularly with regards to the home, family and property. Religious doctrines have inculcated rules to safeguard the privacy of an individual, and, as society has developed, privacy protection has been made sacrosanct through governmental legislation.
It is not surprising
Certainly, the advent of technology has intensified both the potential threat and likelihood of privacy attacks. Such attacks can be organised by any number of anonymous parties, from any chosen location on earth. For example, anonymous frauds may coerce an individual into inadvertently sharing private data, whether for medical, financial, educational or leisure purposes. In response to this growing threat, GDPR seeks to cast a wide and heavy blanket of protection over the private data of EU citizens and residents. Indeed, the new legislation extends beyond the political boundaries of the EU, attempting to guarantee data protection in an ever-growing global cyber arena.
Why GDPR is of paramount interest to UAE?
Across the EU, GDPR aims to grant citizens and residents more control over the ways in which their personal data is both used and shared. Several companies such as Google and Facebook process data for the betterment of their services; however, there are other areas of business activities that must be carefully considered. The magnitude of trade interactions between the EU and UAE is estimated to be over AED 60-70B, making the UAE the biggest EU business partner in the region. A large number of EU citizens across the UAE will
The UAE has no single national regulatory authority in place for data protection in alignment with Article 50 of GDPR legislation. GDPR places greater emphasis on the importance of accountability in comparison to the UK Data Protection Act of 1998. This raises the question as to the conflict of new GDPR laws with older legislation across non-member state countries.
Dubai is an internationally leading financial hub (according to AIG reports). Consequently, the UAE is ranked as the fifth most-likely jurisdiction to be targeted by cybercriminals, with hundreds of attacks taking place every day. Companies operating in the UAE as controllers and processors of private EU data are at risk of attacks. The improper storage of data, as well as the poor management of data exchanges with third
While there are numerous variables contributing to the current situation across the UAE, it is not the intention of this article to address these extensively. On the contrary, this article serves to briefly highlight the main ways in which GDPR has impacted the UAE since its activation. Ultimately, the UAE must establish a ‘privacy shield framework.’ Such a framework would need to uphold the authority of GDPR (with potential reciprocity in circumstances where entities in the EU deal with citizens and residents of the UAE) without causing adverse effects on trade relations, or
In conclusion, there is no doubt that UAE is entering into a difficult period after GDPR activation. To guarantee the successful enforcement of GDPR outside the EU, it is vital that any conflicts of law are carefully addressed. This can only be tackled once agreements in the form of treaties have been achieved between the EU and UAE.