Emirates: Data privacy has become the primary focus of businesses in the UAE following the implementation of the General Data Protection Regulation (GDPR) in Europe last month. Most firms and business groups are aware about the sensitivity of the issue and have been taking necessary measures to ensure compliance with the new regulations, say experts.

The GDPR, which aims to reduce the effects of data breaches, has been anticipated to affect 28 million companies worldwide. There is a growing awareness about GDPR across the UAE and most firms are in the process of acquiring BS 10012 certification, a specifically designed standard which mirrors requirements of GDPR. Those who violate GDPR will have to pay heavy fines up to ?20 million.

"The number of Google searches of the term GDPR has increased by 100 per cent in the past five months. It is rather surprising that GDPR was a relatively unknown topic in the region up until three months ago," Ali Shabdar, evangelist, Zoho Corp, said.

For organisations in the Middle East, GDPR represents a significant change as there is no specific legal framework to ensure data protection across GCC states. Analysts have warned that businesses in general and the airline and hospitality sectors in particular should be vigilant about GDPR implications in the coming months.

"The implementation of the GDPR on May 25 affects both Emirates and dnata, and we have been preparing for it since August 2017 to ensure full compliance," an Emirates spokesperson told Khaleej Times.

Scott Manson, cybersecurity lead for Middle East and Africa at Cisco, said the telecom, insurance, financial services, hospitality, cloud service providers and businesses using cookies or other means of tracking behaviour should be more vigilant about GDPR implications.

"Even if a Middle East business does not have an EU presence, but targets or monitors EU individuals, then it should understand the impact of GDPR and consider how it will approach compliance," he said.

Barry Scott, chief technology officer for Europe, Middle East and Africa at Centrify, said GDPR fines can be significant. There are two levels of potential fine, depending on the seriousness of the offence.

"The first level of fine is up to ?10 million or two per cent of annual global turnover, whichever is highest. For more serious offences, the fine can be up to ?20 million or four per cent of annual global turnover, whichever is highest," Scott said.

Latest data indicates that the UAE has emerged as one of the largest trading partners of the European Union. The UAE was the seventh largest destination for EU products in 2017 with total trade amounting to ?52.6 billion.

"The EU is one of the UAE's largest trading partners. This makes it even more important for companies from the emirates to consider GDPR compliance," Joanne Fischlin, head of corporate, external and legal affairs, Microsoft Gulf, told Khaleej Times.

Foreign investments in the EU are worth about 36 per cent of the GDP produced annually on its territory and they directly support 7.6 million jobs. EU investments abroad are worth about 46 per cent of the GDP produced annually and directly support 14.4 million jobs abroad.

"The GDPR is the first of a wave of data protection legislation that we will see start appearing across different regions, particularly as data subjects - the people whose data is being collected - become more aware of what is happening in other parts of the world," Patrick Grillo, senior director, solutions marketing at Fortinet, said.