By : Amir Taha

With data breaches and cyberattacks on the rise globally, now is the time for organizations in the Middle East to make meaningful change that can protect their businesses from long-term consequences, according to a guide published this month by Marsh, a business of Marsh McLennan (NYSE: MMC) and the world’s leading insurance broker and risk advisor, with global law firm Clyde & Co.

With an increased push across the region to strengthen cyber protection and to align with international best practices, some regional jurisdictions are issuing new, standalone data protection laws for the first time, while others are updating existing laws to align with international standards.

Some recent regional developments include that the UAE, KSA, Oman, Jordan and Egypt have issued standalone personal data protection laws, which are at varying stages of implementation and practical application. Similarly, Qatar and Bahrain have updated their already existing laws to align with international best practice. Kuwait has also issued a new data protection regulation in addition to its existing laws and regulations that touch upon data protection.

“It is imperative that organizations keep abreast of rapidly evolving legislation that impacts how they collect, process, transfer, store, and use data,” says Simon Bell, Managing Director, Cyber Practice Leader, IMEA, Marsh. “With the increasing globalization of many organizations and the fact the impact of cyber incidents can often span several jurisdictions, notification obligations may be triggered in several countries at the same time. Our new guide provides a comprehensive overview of recent developments in the Middle East and the main incident-related notification obligations for data controllers and processors.”

Bell adds that the ‘Middle East Data Protection Guide’ includes a three-step action plan for companies getting to grips with the new legislation. In terms of the plan, companies need to establish a data protection framework, implement relevant controls, and educate their teams on a regular basis.

Oliva Darlington, Partner & Middle East Cyber Insurance Lead, Clyde & Co, added, “We are at a real turning point for data protection legislation in the region. Historically, the data protection laws across the GCC countries and the wider Middle East have been spread across a patchwork of legislation and there has been limited enforcement of those laws. The new and revised standalone data protection laws across the region provide prescriptive requirements for compliance and a clear framework for enforcement, which means that local organisations will have to move data protection compliance to the top of their list of priorities. Likewise, due to the extra-territorial effect of the laws, international businesses which operate in the region, will need to be on top of the changes to avoid being penalised by the local regulators.”