IAA Workshop raises awareness of the new GDPR law and potential risks

Dubai, 11 November, 2018: The role of internal auditors is more important than ever after the introduction of General Data Protection Regulation (GDPR) by the European Union as they can reduce risks as well as add value to the businesses by protecting the data that will give confidence to business partners.

This was highlighted by industry specialists during a workshop on ‘GDPR and the role of Internal Auditors’ organised by UAE Internal Auditors Association (IAA) in association with Gulf Tax Accounting Group and Business Improvement Group and how UAE companies will be affected by the new data protection regulation.

Introduced on May 25, 2018, GDPR is a new set of rules to give EU citizens more control over their personal data as well as put people in more control over their privacy. It simplifies the regulatory environment for business so both citizens and businesses in the EU can fully benefit from the digital economy. Failure to comply from 25th May 2018 may result in a fine of up to 20 million euros or 4 per cent of worldwide turnover, whichever is greater.

Commenting on the workshop, Abdulqader Obaid Ali, Chairman, UAE Internal Auditors Association, said, “GDPR is a very powerful new legislation and I believe that the Internal Auditing community has greatly benefited from the sessions of the workshop. Speakers have covered almost every aspect of the new European legislation, which came into force earlier this year. The workshop will allow the participating internal auditors to identify the gaps in their client’s compliance programme, ensure strict & safe gathering of data and protect it from misuse.”

Earlier, Business Improvement Group partners Bill Anderson and Pete Mahon conducted the workshop, which was attended by a significant number of IAA members. Both partners put the spotlight on GDPR’s implications for businesses in the UAE and how it redefines the role of the Internal Auditors. 
Additionally, they talked about Internal Audit’s key role in guiding company strategy for privacy protection, working hand-in-hand with the Data Protection Officers, and raising awareness of the new GDPR law & potential risks.

Pete Mahon, Partner at Business Improvement Group, said, “Our sessions are designed for risk, compliance and audit functions to understand more about the effects of GDPR to help them understand where it applies throughout their organisations and worldwide. GDPR is not just important for UAE companies, it’s important for companies globally.”

GDPR applies to all organisations holding and processing personal data of EU citizens', regardless of geographic location, and non-EU citizens residing in the EU. Largest impact will be on firms whose business models rely on acquiring and exploiting consumer data at scale. There are no exemptions for small businesses – in fact smaller businesses will be the least prepared.

Bill Anderson, Managing Partner at Business Improvement Group, said, “Our goal is purely to educate the businesses about every aspect of the GDPR. The key thing is that if businesses manage data properly they will win more business as the data is the new gold in today’s business. There is no ‘one size fits all’ approach as each business will need to examine what exactly needs to be achieved to comply and who is responsible for data protection.”

Mr. Anderson mentioned that breach of data is a big issue for large organisations too as it will damage their reputation if it comes in to the media. They gave recent examples of data breaches in the aviation industry where data of 9.4 million customers of Cathay Pacific compromised in October 2018. 
British Airways also confirmed that personal details of hundreds of thousands of its customers were stolen in a data breach in September 2018.