Clifford Chance
Processing personal data of EU residents from the MENA? GDPR applies to you
20 February 2018
The EU’s General Data Protection Regulation ((EU) 2016/679) (GDPR) comes into effect on 25 May 2018. It is a sweeping EU data privacy law with broad extraterritorial effect that can impact companies in the MENA region which process data of individuals resident in the EU. Companies that fail to comply with GDPR can face fines of EUR20 million or up to 4% of global revenue.
The GDPR significantly expands the obligations of non-EU companies that process personal data of individuals resident in the EU. "Personal data” is broadly defined under the GDPR and can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address through which a person can be identified.
In this briefing we discuss how the GDPR can affect companies in the MENA, what its key requirements are and what you can do to protect your business.
