
How can the UAE leverage the EU GDPR

22 June 2020 | Jose Carrera & Leonard Kamau

It has been two years since the General Data Protection Regulation (GDPR) became enforceable(1). The law was designed to protect consumers, their digital identities, and how their personal information could be used. The law mandated that user data, commonly referred to as Personally Identifiable Information (PII), cannot be utilised by organisations without the user's explicit consent. GDPR applies to the European Union (EU) geography; however, there are plenty of organisations outside the EU who process EU residents’ data(2), which gives those organisations an increased awareness of, and adherence to, compliance with GDPR.

To date, the UAE has neither created nor published unified data protection guidance. However, both the Emirates of Dubai and Abu Dhabi have respective “data protection” or privacy requirements. There are two applicable data protection regulatory requirements specific to Financial Services Free Zones: those of the Dubai International Financial Centre (DIFC) and the Abu Dhabi Global Market (ADGM), respectively. These, however, are only applicable to organisations operating in the two Free Zones. Case in point:

  • DIFC Data Protection Law 2020 increases privacy compliance requirements for organisations registered within DIFC
  • Data Protection Regulations 2015 govern the processing of personal data by persons operating in the ADGM

What are some of the benefits that the UAE can leverage since the inception of GDPR?

First, it is worthwhile to note that the GDPR has brought significant changes to organizations’ data collection, storage, processing and disposal procedures. Secondly, we have seen more responsibility placed on those who store, process and control the data, therefore prompting organizations to take privacy more seriously and put in the relevant technologies to ensure the data is secure. While the regulation does not give specific directives on how Information Technology environments should be designed (network, computing and storage)(3), it does require organizations to deploy the “right set of technology” to ensure and assure that the data they process is secure. This means that organizations need robust solutions that can, to a certain extent, provide a safe and secure environment for information processing.

Therefore, what can UAE based entities extrapolate from the recently enacted GDPR despite not having an endorsed data protection guidance similar to the EU’s GDPR?

Competitive Edge:

Today throughout Europe, privacy is not only a matter of compliance, but it is becoming a marketing and operational advantage for many organisations. Leveraging this competitive edge here in the UAE could provide additional clarity to customers on the purpose of the data collected, hence giving assurance to customers that the data shall solely be used for its intended purpose. This assurance in the EU region has put compliant businesses a step ahead of their non-compliant competitors.

Enhanced Data Management Practices:

Operational efficiencies and performance gains are made through good data privacy and governance practices. One way to accomplish this is by creating a data governance framework. Such a framework could ensure that customer information is up to date, accurate and as lean as possible. Although this is not a requirement of the regulation, it does demonstrate that customer data rights are respected, and it consequently acts as the equivalent of a data cleanse (in the case where data is required to be deleted), which ultimately improves performance and the return on investment in the infrastructure and services procured.

Efficiency & Security of Digital Platforms:

In an age of e-commerce and digital marketing, businesses are likely to have third-party technologies running their websites or e-commerce platforms without their knowledge. These third parties may not have established or appropriate security controls. This tends to raise concerns such as data leakage and lowered performance of the digital platforms. Therefore, when a business is in a position to monitor and manage its backend operations by use of security tools and services, the organization protects itself from possible data leaks; moreover, greater efficiency and less downtime are realized on the said platforms.

Cyber Safe Environment:

The significant paradigm change, especially here in the UAE, towards “working from home” and online distance learning brings unique challenges, whereby organizations must remain mindful of their legal obligations to keep personal data secure. In particular, GDPR imposes a general obligation upon data controllers and processors to ensure the security of data processing against accidental or unlawful loss, damage, destruction, alteration or disclosure(4).

To realise these significant advantages for your organisation, get in touch with our consultants, and we shall guide you on ensuring that your organisation is at the forefront of having a secure cyberspace. We’d love to hear from you!


(1) The General Data Protection Regulation 2016/679 is a regulation in European Union law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and the EEA areas. Implementation date: 25 May 2018.
(2) GDPR Principles, General Provisions, Article 4 – Definitions
(3) - Computer hardware platforms
(4) Chapter 4 Controller and processor

© Digital14. All rights reserved.