Skip to main content

GDPR - Costly Restriction or New Business Opportunity?

 By: Talal Wazani, Manager Strategic Security Consulting at Help AG

While VAT compliance is currently top of mind for Middle East businesses, many are unaware of the implications of the General Data Protection Regulation (GDPR). The European Union (EU) regulation aims at strengthening and unifying data protection for all EU citizens and is set to come into effect by May 2018. With just over six months till its implementation, there is still much confusion about the applicability of GDPR to organizations outside the EU that process and control data of EU citizens. Unfortunately, this places Middle East businesses of all sizes and across diverse verticals including cloud services, banking and finance, healthcare, insurance and tourism at significant risk.

The Importance of Data Privacy

Data is the lifeblood of business today. However, awareness about privacy among companies is relatively low and there are early warning signs that Middle East businesses are not prepared to handle the deluge of personal data.

This year, with Equifax, the security industry witnessed one of the largest breaches of highly sensitive personal information and the impact of such breaches will be borne by consumers for years to come. The importance of safeguarding personal data cannot be neglected. The EU is taking the lead by penalizing companies with heavy financial penalties if they fail to comply with the regulation. For businesses therefore, it is always better and less costly to prepare in advance, rather than face the fines and reputational damage later.

Why GDPR Matters to the Middle East

Many regional organizations operate as subcontractors of European companies, conducting activities that include processing and supply of goods, delivery of services, and monitoring of customer behaviours through social media and data analytics. Simply stated, any company, even one outside the EU, that is targeting consumers in the EU, will be subject to GDPR.

Although any organization processing the personal data of EU citizens is fully accountable to demonstrate compliance with GDPR, few are aware of their direct obligations. Such responsibilities might include implementing technical and organizational measures and notifying protection authorities in the event of a data breach. Abiding with GDPR also includes acknowledging documented compliance, conducting data protection impact assessments for risky data processing activities, and implementing data protection by design in operational processes and as a culture among employees.

The GDPR will enforce penalties for breaches by imposing fines for violations of up to 4% of annual worldwide turnover of a company for a data breach and up to 2% of annual worldwide turnover for non-compliance. In addition, the people affected by the data breach will be entitled to sue the company which failed to protect their data. Therefore, once the GDPR becomes effective in 2018, many EU organizations will be highly selective of the partners they chose to work with as many Middle East companies will face significant compliance challenges.

Getting Prepared

For years now, organizations have faced difficulties in identifying their critical data and where it resides throughout its lifecycle. This is step number one not only in GDPR compliance but also in defining a cyber-security strategy within an organization.

The most important activity an organization that intends to become GDPR compliant will need is to conduct is an exhaustive inventory of the data related to their business processes. They will then have to either isolate EU citizens’ data from the rest or handle all data in compliance with the GDPR. It will be a real challenge especially for multinational companies that might now have to consider building entirely new data storage systems just for EU data.

With cloud computing becoming an increasingly prevalent technology, another very important element of becoming compliant with GDPR will be to review the data and the protection clauses of third-part cloud storage and service partners.

A common mistake most businesses make with cyber security is to haphazardly invest in trendy technical solutions without focusing on their effective implementation and operation according to strategic roadmaps. At Help AG, we recommend using a practical approach, and adapting the company’s existing security technologies in line with GDPR frameworks. A holistic approach to data inventory, initial compliance analysis and risk assessment, can help businesses optimize their budgets, focusing on the protection of critical data and minimizing related risks.

Of course, a key success factor in the GDPR compliance journey is to have a Data Protection Officer (DPO) or professional who can support the organization in realizing its strategic data protection roadmap. GDPR compliance will require the DPO to have not only broad knowledge of security technologies and interpretation of the regulation requirements, but also keen awareness of legal and human resources.


The GDPR is definitely a turning point in attitudes and an opportunity to put businesses at the forefront of data protection, enabling them to build trust with customers. As the frequency of cyber-attacks continues to rise, organizations must focus on data protection to safeguard their business rather than to simply comply with frameworks such as the GDPR.

Instead of viewing the regulation as a business limitation, companies should consider it as an opportunity that can help them redefine the marketing landscape. The GDPR can be used by organizations that deal with sensitive information as a potential means to forge long-term relationships with their customers, based on trust and transparency.


Popular posts from this blog

Cloud Computing powering India’s priority of ‘Digital-first country’

By: Sunil Mahale, India MD and VP, Nutanix
Digital transformation has been recognized as being vital to the growth of our nation. This transformation has enjoyed the unanimous approval and contribution from all stake holders including enterprises, MSMEs, government bodies and citizens. But this level of adoption in a country with a population of over a billion people would need a robust technology base that is capable to collecting and distributing vital data seamlessly.
Digital India envisions creating high speed digital highways, that will impact commerce and create a digital footprint for every individual. Technologies based on mobility, analytics, Internet of things and most importantly, cloud technologies are the building blocks for the digital India missionThere is a growing need to manage huge volumes of data, and making them readily available to public through digital cloud services. Cloud has a pivotal role in enabling this change.
While Data centers have become crucial to th…

Semalt Expert Tells The Reasons Qualitative SEO Services Are Not Cheap

Just like the internet, Search Engine Optimization is constantly changing. Also, it's becoming more difficult to perform a good SEO as soon as Google is continuously improving the algorithm of ranking websites. SEO becomes more complicated so you should expect to pay more for hiring SEO specialists or agencies.
The leading Customer Success Manager of Semalt, Igor Gamanenko explains what factors force SEO services cost increase.
SEO Expertise
SEO has been undergoing the crucial changes and updates over the last 10 years. In the early days of SEO, Google only was caring about the technical aspect of your website, links and keyword metadata to rate you higher. The rating guidelines were quite easy: all you had to do was using some keywords in your metadata and more links than your competitors. This was enough to give you a higher ranking in search engines.
Today, the game has completely changed. Through semantics, Google has a better understanding of internet searches, so it can judg…

RevStart launches its RevItUp Incubation Programme

Underlining its vision of creating a nurturing ecosystem for start-ups to grow in, RevStart, a co-working and incubation centre, has announced the launch of its RevItUp Incubation Programme. The 12-week long programme will be held at RevStart Incubation Centre in Noida from July 1, 2018 onwards. As part of the programme, RevStart will select five high potential start-ups from the ed-tech sector, AI, Consumer Internet, Sustainability, as well as for-profit social impact companies to assist them with developing their business, along with connecting them to global mentors across industries and sectors. In addition, start-ups selected for the programme will receive INR 5 lakh to Rs. 25 lakhs worth of cash and benefits, while RevStart will get an equity stake in the ventures.
The RevItUp Incubation Programme has been created to enhance the founding team’s industry, product, and company building knowledge and capabilities through a world-class curriculum. The programme will focus on tailor…