Earlier this month, the UAE announced plans to introduce a new Data Law, designed to address increasing concerns over the privacy of people and organisations and limit entities profiting from personal data.
Omar al Olama, minister of state whose portfolio covers artificial intelligence, digital economy and remote work, said the new law would also allow people to control how their personal data is used, stored and shared.
Launched as a key element in the UAE’s ‘Projects of the 50’ campaign, he said the law will “take into consideration every single data registration on the planet and work with the private sector to ensure that our mindset of being a global country, a country that develops companies, scales them up and takes them to global leadership, is going to be continued”.
Main hub in Bahrain will serve all member states of the Arab League and is seen as a key driver behind the Gulf’s overall digital economy transformation efforts, serving both government and private sector entities
In an exclusive interview with Arabian Business, Nader Henein, VP analyst at Gartner, talks through what the new law will mean for the UAE and wider Middle East region.
What does this new initiative mean for enterprises and residents?
The announcement of the UAE Data Law marks a critical step both for businesses in the UAE as well as residents. It will give businesses a competitive advantage in a trillion-dollar data economy by aligning their practices with global standards, given a minimal cost of compliance.
As for residents, they will receive consumer privacy rights similar to those under GDPR and far beyond those available to most US citizens.
How can it impact the Middle East in terms of data privacy and privacy regulations?
The Middle East’s privacy journey is at its start. Bahrain introduced privacy regulations in 2019; the UAE will take the next big step in 2022 when the Data Law is expected to take effect. We expect to see other countries in the GCC continue this march, potentially with Saudi Arabia next.
Nader Henein, VP analyst at Gartner.
For organisations, what needs to be done to have a competitive data protection regime? How can they protect customer details, transaction records and employee profiles?
Organisations should start with a discovery exercise, assessing what personal information they hold, associating that information with a well-defined purpose when possible, deleting it otherwise.
Organisations across the UAE will be required to deliver a set of privacy rights to its residents. These rights form part of what Gartner refers to as a privacy user experience or privacy UX. Individuals will gain transparency as to what information is held by an organisation, how it is used and grants them some control to manage their preferences, rectify errors and, at an extreme, have their information deleted.
For individuals, how can they keep their personal data safe?
Individuals should take advantage of these newfound rights and exercise them as they see fit to hold organisations accountable to a higher standard of data handling. Furthermore, we expect to see a regulatory structure emerge where individuals will be able to file complaints when they believe their requests are not properly addressed.