GDPR compliance in the Middle East: What you need to know

Organizations across the region are struggling to comply with the EU’s privacy law; here's how to clear stumbling blocks and keep regulators happy.

5 gdpr compliant notification documentation
Getty Images

The European Union's introduction last year of the General Data Protection Regulation (GDPR) is still creating challenges for companies in the Middle East, especially small and medium-size enterprises (SMEs).

Governments across the region have long been pursuing economic growth programs to boost employment and diversify GDP away from oil-and-gas production. As the private sector toils to realize this vision, SMEs have been hit hardest by the costs of national regulatory compliance in their own markets as governments react to high-profile cyberattack such as Saudi Aramco’s battle with the Shamoon virus in 2012, a similar onslaught at Qatar’s Ras Gas the same year, and other such incidents.

At the same time, Middle Eastern businesses must address GDPR. In Europe, hyperbole about the breathtaking rate of data collection businesses, coupled with worries about the control technology companies have over personal information, led to calls for regulatory action.

In a bid to address privacy concerns, the European Union introduced GDPR. Enshrined in European law since 25 May 2018, it was designed to cover data protection and privacy for all EU and EEA (European Economic Area) citizens and to place strict controls on the export of that data beyond EU borders.

To continue reading this article register now

Download CIO's Winter 2021 digital issue: Supercharging IT innovation