The European Parliament and Council passed a regulation (EU) 2016/679 to refresh the data and privacy protection laws for European Union States. The new regulation is commonly known as the General Data Protection Regulation (GDPR) and came into effect on 25 May 2018. The GDPR has defined the rights of EU individuals relating to how their data is collected, stored, processed and used by organisations. Any organisation that handles the data of any EU citizen is bound by the provisions of the GDPR. This regulation is applicable globally and fines of up to 4% of worldwide turnover or 20 million euros (whichever is greater) will be levied on businesses breaching them. GCC organisations and businesses need to consider whether they collect, store, process or control any data for EU citizens and revise their own governance and enterprise risk management frameworks to comply with the GDPR provisions.

Read full article here.