Picture this – you’re at your laptop, planning your next holiday destination and within minutes, ads from different airline companies and hotels appear across your browser.  It’s enough to make you wonder – just how private is your data?

As we commemorate Data Privacy Day, it would be remiss to ignore that the increasing need to ensure data privacy has fundamentally changed the way we do business and is certainly a concern amongst the international business community.

In recent years, data privacy and security has hit the news across the globe. Businesses have heard and perhaps even had to digest buzzwords such as “right to be forgotten” and “web scraping”.  They have also had to sort through various news stories about cyber-security breaches involving some very big collectors of personal data, including Facebook, Yahoo, Uber, most recently Marriott, and the list goes on.  In response, Silicon Valley giants such as Apple CEO Tim Cook have called for regulatory reform in the US to parallel existing privacy laws like the General Data Protection Regulation (GDPR).

In May 2018, we saw the GDPR become enforceable. While it stems from the EU, it has affected every company that trades with the bloc or has EU data subjects as customers.

However, many businesses around the world are still grappling with how to balance their legitimate needs to process personal information with the importance of upholding an individual’s right to privacy.

“By 2020, there will be an estimated 24 billion internet-connected devices globally – which is more than four devices for every person.”

Technological developments have made our lives easier, but that should not come at the expense of an individual’s privacy. Companies not only risk incurring financial loss by having to pay hefty fines and mitigate damage caused by breaches, but also further risk to the bottom line through reputational damage. In fact, according to the Centre for Strategic and International Studies, cybercrime alone costs the global economy more than USD 600 billion a year, equivalent to nearly one percent of global GDP.

Governments, regulators and businesses are taking note and are developing legislation that contains globally-accepted data protection principles to bring transparency to consumer data, from consumer devices to enterprise websites and data servers.

What does all this mean to the financial services industry, and indeed to the DIFC?

Data privacy is of particular significance to our sector. The volume of sensitive information that we have to manage about clients and employees based in the DIFC continues to grow exponentially as digital transformation revolutionises the industry. As such, banks are an obvious target for cybercrime. Therefore, as a sector we need to be fully aware and cognisant that any information shared with third parties is kept secure and does not violate an individual’s privacy.

Regulations such as Basel III introduces a set of international reform measures developed to improve the banking sector's ability to absorb shocks arising from financial and economic stress, improve risk management, promote data integrity, accuracy and security, and strengthen transparency.

Such international regulations are complementary to the best practices the DIFC has put in place across its growing world class regulatory platform. We encourage the businesses that set up in the Centre to apply these practices as well.  For example, the current DIFC Data Protection Law not only ensures individuals’ rights to control what happens to their personal data in an increasingly digital and online world, it empowers companies to undertake better business practices through ethical, responsible personal data management.

At a point in time where the DIFC is seeking to innovate and expand, this is also reflected in the continuous enhancement of our legal infrastructure.  The DIFC Data Protection Law will be part of this exciting time.  It will be updated to further underpin data subjects’ rights through transparency and accountability while allowing for technology growth and innovation. Balancing the legitimate needs of DIFC businesses with the importance of upholding an individual’s right to privacy is one of our top priorities.

As technological innovations continue to transform how people carry out their financial transactions, everyone within the financial services industry must understand that data privacy and security is integral to the success of their businesses. 

Written by Jacques Visser

Jacques Visser heads the Legal Affairs division of the DIFC Authority. In addition, he holds the position of Secretary to the DIFC Higher Board and the Boards of the DIFC Authority and DIFC Investments LLC. Mr. Visser also currently serves as DIFC’s Security Registrar and Commissioner of Data Protection.