RIYADH: Business organizations need to be aware of the risks of prosecution and violating the rules of GDPR, a new set of rules that sets guidelines for the collection and processing of personal information of individuals within the EU, said Mohammed Khurram Khan, a professor of cybersecurity at the Center of Excellence in Information Assurance.
This could result in huge penalties of up to 4 percent of their global turnover or €20 million, whichever is greater, Khan said.
The personal data could be any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
“The GDPR will not only affect companies within the EU, but it also has global scope, which would impact any company that offers goods or services to the EU residents or monitors their online behavior, for example, online shopping habits,” Khan pointed out.
In addition, GDPR will affect any company in any sector in the Middle East and the GCC countries that sell goods or provide services to any of the EU member states, or handles any of the data of its approximately half a billion inhabitants, Khan said, adding that these companies should have to develop a strategy and processes to abide by the new regulation as soon as possible.”
Khan represented the Kingdom at a workshop at the Royal Institute of International Affairs (Chatham House) in London entitled “Data Protection, Privacy and the GDPR: Is the GCC Ready?” in which he discussed the current data protection landscape in the Gulf Cooperation Council (GCC) states.
Khan, who has returned from the London workshop, told Arab News on Monday: “The aim of this forum was to bring together business leaders, lawyers, academics, and policymakers from the GCC as well as from the UK and key international institutions to discuss the current data protection landscape in the Gulf, especially the newly implemented General Data Protection Regulation (GDPR).
“The GDPR, which has been enforced on May 25, 2018, focuses on keeping businesses more transparent and expanding the privacy rights of the people.”
He said that the increasing numbers of data and cyber breaches in the Gulf have intensified the discussions around data protection and privacy and have triggered several initiatives at the government, public and private sector levels.
New technology developments mean that there is both a greater supply and demand for data than ever before but, as recent events have shown, data can be harvested for political as well as commercial reasons.
With the adoption of the European Union’s GDPR, the GCC businesses have been working to put in place policies and measures to comply with the new requirements and to avoid the hefty fines due to non-compliance.
Khan added that the participants at the event discussed key topics on the GDPR, its core concepts and principles, implications and impact on GCC countries, the relationship with data protection authorities, enforcement and sanctions, data protection and privacy landscape, and the preparedness of the GCC countries for it.
“Data breaches could happen inevitably and personal data could be lost, stolen or otherwise released into the hands of malicious people for misuse, but with the newly mandated GDPR, organizations as well as those who collect, process, and manage data would be obliged to protect its misuse to respect the rights of data owners,” Khan said.
Workshop discussed data protection landscape in GCC
Workshop discussed data protection landscape in GCC
- The personal data could be any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier
- GDPR will affect any company in any sector in the Middle East and the GCC countries that sell goods or provide services to any of the EU member states