With just a month to go before implementation of the European Union’s General Data Protection Regulation (GDPR), Help AG has warned that the large majority of Middle East organizations are woefully unaware of its implications due to widespread lack of understanding.
In particular, the cybersecurity firm has warned that the definition of ‘data subjects’- the people whose data is protected by the new regulation- is often misinterpreted by regional businesses, thereby leaving them ill-prepared to comply with the GDPR or even exposed to business risk.
Help AG is currently working with some of the region’s largest organizations from the telecom, government, and banking and finance sectors to help them understand GDPR and achieve compliance. This work, combined with meticulous review of the framework by Help AG’s strategic consultancy division has uncovered that the GDPR will apply to all companies storing or processing data of people being in the EU.
This challenges the widely held misconception that the regulation only applies to the data of EU citizens and therefore has far-reaching consequences for businesses across the globe. Dr. Angelika Eksteen, Chief Strategic officer at Help AG, attributes this lack of clear understanding to the fact that a lot of the information available from the internet or even reputed sources is either incomplete or wrong.
Explaining the impact this misinterpretation could have on Middle East businesses, she said: “This is quite simple- if a Middle East business stores or processes data of any individual who might be in the EU at some time, they should prepare for GDPR compliance. As it is virtually impossible to rule out the possibility of a person travelling to the EU at some point in time, all Middle East businesses storing or processing personal data should prepare for compliance with GDPR.”