The Abu Dhabi Global Market (ADGM) Office of Data Protection has taken part in the annual Global Privacy Enforcement Network (GPEN) intelligence gathering operation, or ‘Sweep’, to evaluate the implementation of core principles of privacy accountability in organisations across the globe.
GPEN is a global network of privacy enforcement authorities collaborating to promote cooperation in cross-border enforcement of laws protecting privacy formed in 2010 at the recommendation of the Organisation for Economic Co-operation and Development (OECD). The GPEN Sweep, an annual review conducted by GPEN members, aims at encouraging compliance with privacy regimes and enhancing cooperation between international privacy enforcement authorities. ADGM is the only member of the GPEN in the Arabian Gulf region and this marks the first participation in the Sweep of a country in the region.
In line with this year’s theme of privacy accountability, the Sweep looked at how well organisations have taken responsibility for complying with data protection laws. ADGM was one of the 18 GPEN members from around the world who participated in the Sweep by reviewing the data protection arrangements of over 350 organisations.
Each GPEN member conducted the study on organisations in their own jurisdiction. The consolidated findings indicated that most organisations surveyed had monitoring programmes in place and were good at providing data protection training to staff but failed to offer refresher training to existing staff. Overall, at the international level the findings suggest that most organisations have a good understanding of the basic concepts of accountability, but in practice there is a lot of room for improvement.
ADGM’s Office of Data Protection has today published a report on its findings at the local level from the review of a sample of ADGM registered businesses. According to the findings, 90% of businesses in ADGM were found to be very good or satisfactory with regards to maintaining a privacy framework and having a person responsible for data protection. However, improvement is needed on implementing or making privacy policies accessible to the public, as well as ongoing staff training and data breach handling.
Dhaher Bin Dhaher Al Mheiri, CEO of the ADGM Registration Authority, said “As a leading international financial centre, we are very proud to be a part of a globally reputable network like GPEN that places great importance on international cooperation among data protection authorities. At ADGM, we are committed to working collaboratively with the entities registered at ADGM to achieve high standards in privacy and data protection. We do this by promoting open discussion and dialogue with ADGM entities to raise awareness on data protection requirements and the privacy rights of individuals. Our focus on data protection is in line with our objective to build a trusted, secure and holistic business ecosystem, to further raise the business profile of the capital of the UAE and continue to attract the best local and international businesses.”
Based on the insights gained from the review, ADGM will be able to take measures, such as focussing on education and outreach efforts in the areas of weakness, in order to improve data protection compliance among its licensed persons.
The full report will be published at the Data Protection in the Middle East event hosted by ADGM on 12th March. This event will cover the latest data protection developments and challenges both regionally and locally. Distinguished speakers from Etihad Airways, PwC, FAB, and One Trust, together with ADGM’s Office of Data Protection, will discuss and share insights on a wide range of topics related to data protection.
Click here to access the Office of Data Protection Thematic Review Report on Privacy Accountability.