GDPR

New DIFC Law expected to bring enhanced governance and transparency obligations


The new Dubai International Financial Centre (DIFC) Data Protection Law (DPL) 2020, which comes into effect on July 1, is expected to bring enhanced governance and transparency obligations.

Although the law comes into force in July, businesses to which it applies will have a three-month grace period, until October 1, 2020. That leaves organisations only a few months to bring their compliance frameworks into line with the new law.

The new law replaces DIFC Law No 1 of 2007, which was already one of the most advanced data protection laws in the region. It places Dubai and the DIFC at the forefront of data protection regionally and is intended to align the Centre's data protection practices with global best practice on data governance, security and privacy.

It is now more important than ever for companies to have a data management strategy to ensure data compliance is taking place within an organisation – both from an operational and cultural perspective.

By encouraging data responsibility and implementing the latest data management tools, businesses can do their bit in preparing themselves for DPL 2020.

Preparing for DPL 2020 can also benefit companies in a range of ways. Beyond managing data effectively and demonstrating compliance, a sound data management programme can increase company-wide efficiency, provide a competitive advantage, and reduce exposure to attacks such as malware, since sensitive data that is known, minimised and access-controlled is harder to steal.

The new DIFC Law reflects many of the requirements of the EU's General Data Protection Regulation (GDPR), which is seen by many as the 'gold standard' for data protection compliance.

“From our previous experience in preparing for the GDPR coming into force, we recommend that organisations should start planning now. In particular, organisations should prioritise fact gathering and other time-intensive tasks such as contract remediation,” Kellie Blyth, head of Data and Technology at Baker McKenzie, said.

However, she said that there are some key differences between the GDPR and new DIFC Law, which organisations should be aware of.

“The new DIFC Law requires Controllers and Processors to appoint a DPO [data protection officer] if they carry out high-risk processing activities on a systematic or regular basis or if required to do so by the Commissioner.

“If a Controller or Processor is not required to appoint a DPO, the organisation must allocate responsibility within its organisation for oversight and compliance with its data protection obligations under the new DIFC Law (or any other applicable data protection law),” she said.

Time to act

The DPO must reside in the UAE, Blyth said, unless the DPO is employed within the organisation's group and performs a similar function for the group on an international basis.

Blyth urged organisations in the DIFC to move swiftly to review their current data processing practices and to identify where their existing data protection policies and procedures will need to be updated to reflect the requirements of the new law.

“An important difference between the new DIFC Law and the GDPR is that DPOs are required to conduct an annual assessme


Box boosts cloud security with automated classification


Box has announced that intelligent, automated classification will soon be coming to Box Shield, its advanced security solution for protecting content in the cloud.

It will automatically scan files and classify them based on their content, helping businesses detect and secure sensitive data. Box Shield is the fastest-growing new product in the company's history, and security-conscious, highly regulated organizations including NASA use it to secure data in the cloud.


10 things to consider to ensure GDPR compliance


GDPR (the General Data Protection Regulation) was mandated by the European Union and took effect in UK law on 25th May 2018. It goes much further than the UK data protection provisions that applied before that date and lays down severe penalties for businesses, and in some cases their officers (directors, owners and sometimes managers), that do not comply.

Fines can be as high as 4% of global annual turnover (or €20m, whichever is higher). Widely reported data breaches saw the ICO announce fines totalling around £300m against British Airways and Marriott Hotels. Further guidance is available on the website of the Information Commissioner's Office.

GDPR affects BASDA (The Business Applications Software Developers Association) members both as companies which hold data, for example on their employees and customers, and as providers of business software which enables organisations to hold and process data on individuals. 

Historically, almost any information could be held and maintained so long as it was not published. Now any information held about an individual must be fit for purpose (for example, needed to fulfil obligations associated with providing a service) and, just as importantly, must be provided to the individual concerned on request.

Below are 10 things from BASDA for a business to consider relating to GDPR.


1. I am a Data Controller. Do I have to register my activities with the Information Commissioner's Office?

Yes, in most cases. Data Controllers that hold, maintain and process personal data must pay an annual data protection fee to the Information Commissioner's Office (ICO) unless they are exempt. The fee is tiered by organisation size and turnover and currently ranges from £40 to £2,900.


2. Who exactly is covered by the provisions of GDPR?

Any individual about whom a Data Controller holds personal data. This includes employees; client staff; supplier staff; prospective client and supplier staff; people who are sent marketing information about the business's own or third-party products and services; and so on.


3. What are my obligations when individuals ask to access data I hold about them?

Individuals have a statutory right to access any personal data a Data Controller holds about them. This is commonly referred to as 'subject access'. A subject access request for full disclosure of all information a Data Controller holds about the requester can be made verbally or in writing, and the business has one month to respond (extendable by a further two months where requests are complex or numerous, provided the individual is told within the first month). Failing to respond with full disclosure carries severe penalties for the business. A fee is not normally chargeable to an individual who makes a request under the GDPR.


4. What information may I be required to deliver if I receive a subject access request?

Any information that relates to the individual, whether held electronically, on paper, or as audio or video recordings (for recordings, direct copies must be supplied). Electronic form includes data held in databases, files (word-processed documents, spreadsheets and so on) and emails, both business and private, which means a search for the individual's data must cover all of these stores, not just the main customer or HR system.


5. How do I ensure internal compliance?

The first step is to


10 ways businesses can minimize the risk of identity theft


Identity theft has been a huge problem for a long time now; however, fraudsters are becoming more sophisticated and trying to stay one step ahead.

In the midst of an unprecedented pandemic, we are seeing a sharp increase in all types of fraud. Experienced fraudsters are exploiting the current chaos, and sadly more people are turning to fraud in an attempt to boost their income.

As an SME, it is important to discuss the risks with your customers and suppliers to increase awareness of suspicious emails and cold calls claiming to be from your business.

All businesses are different, so your risks and exposure to identity theft will differ. Using some of the points below, you should sit down and work out what risks you face, both as a business and on behalf of your customers. Where are the danger points, and what can you do to stop them, or at least lessen the risk?

Ensure you’re GDPR


DIFC brings its new data protection law in accordance with international best practice


The DIFC Data Protection Law does not stipulate a maximum cap on fines comparable to the GDPR's, but instead gives the Commissioner discretion to impose a general fine on top of administrative fines, a leading lawyer said.

Breaches of the GDPR can give rise to significant administrative fines of up to €10m or 2% of an organisation's total annual worldwide turnover for the preceding financial year, or up to €20m or 4%, whichever is higher in each case, depending on the provision of the law that has been breached.

Article 62 of the law, she said, grants the DIFC Authority Board of Directors the
