The European Union’s new General Data Protection Regulation (GDPR) will also impact Middle Eastern companies that handle personal data of European residents and citizens, even if they do not have a direct presence in Europe, said Sage, a leader in cloud business management solutions.

Billed as the largest overhaul of online privacy, GDPR will come into effect across the bloc on May 25.

The GDPR sets out the minimum requirements for the treatment of all personal data. Personal data can be defined as any data identifying or relating to an individual, including physical appearance, biometric data, an individual’s record on a customer relationship management system, or even something as simple as website-tracking data collected via cookies.

It affects Middle East-based firms who will need to comply with the GDPR if they offer goods and services to individuals in the EU or track and monitor their behaviour. For example, if an e-commerce firm sells Middle East-made goods to European residents, it will be required to review processes and systems around managing and processing personal data.

Pieter Bensch, executive vice president, Africa and the Middle East at Sage, said: “The GDPR is slated to be the benchmark of global data protection and privacy regulation, and it comes at a pertinent time given the worldwide discussion about tech giants and data-handling. Middle Eastern businesses that will be impacted must start assessing the impact of GDPR on their operations, revamp their data protection processes and systems and train their employees for GDPR-compliance because it will affect various departments across an organisation.”

The penalties for non-compliance with the GDPR are up to 4 per cent of annual global turnover, or €20 million ($24.7 million), whichever is greater. Companies risk being fined even if there is no actual loss of data. Though it might seem hard in practice for the EU’s regulators to sanction Middle Eastern organisations with no assets in Europe, non-compliance could injure a company’s reputation and its ability to do business in the EU.

“Companies in the Middle East who are affected should not ignore the GDPR, which will come at a steep price. Instead, these firms should look to the new regulations positively. With data breaches in the Middle East are on the rise , GDPR-compliance stands to help businesses build stronger privacy frameworks, as well as enhance brand trust by letting customers know that you safeguard their personal data,” added Bensch. – TradeArabia News Service