General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a new European data protection regulation adopted by the EU Commission. It replaces the EU Data Protection Directive, also known as Directive 95/46/EC. The GDPR becomes effective on May 25, 2018 and will strengthen the security of, and regulate, personal data in the broadest sense. The GDPR applies to both individuals and businesses and regulates the way in which personal data of citizens in the European Union should be handled.
We would like to provide you with answers to some of the questions that we hear time and time again from our customers. We also want to provide an update on what BIOS Middle East has done to ensure that we will be ready for GDPR and what services we offer to our customers to help them meet their compliance obligations.
FAQs about the upcoming General Data Protection Regulation (GDPR)
When it comes to customer data, is BIOS Middle East a controller or a processor?
Under the GDPR, a “controller” determines why and how personal data is processed. A “processor” processes personal data on behalf of the controller. BIOS Middle East has limited knowledge of the data that each customer processes via the hosting infrastructure (“Customer Data”). Also, BIOS Middle East only processes Customer Data in accordance with the customer’s instructions. Therefore, BIOS Middle East is a processor of Customer Data hosted on BIOS Middle East Cloud (CloudHPT) infrastructure; the customer is a controller.
Will GDPR change the way BIOS Middle East treats customer data?
BIOS Middle East continues to treat customer data with the required level of sensitivity and confidentiality. Our cloud is built to, and audited against, a Cisco Validated Secure Design called Cisco Powered. In addition, it resides in PCI-compliant datacenters and has several ISO accreditations, including 27001.
BIOS Middle East will continue to invest in the security of its customer solutions to ensure it remains compliant with applicable legislation.
With the new GDPR, can an EU customer continue to host personal data outside of the EU/EEA?
Provided certain legal mechanisms are in place, EU customers can host personal data outside of the EU. Personal data may be transferred outside of the EU and the EEA when an adequate level of protection for that data is guaranteed.
For this reason, BIOS Middle East is committed to delivering GDPR-compliant solutions even though we are based in the Middle East and India.
Will the Data Protection laws/GDPR apply to the UAE?
The GDPR aims to enhance the ability of EU citizens to exercise rights over their personal information and imposes stricter requirements on all business activities involving data. It will impact all companies in the Middle East, and anywhere else in the world, that trade with EU-based businesses or offer products or services to EU-based individuals.
Do you ever transfer my data outside the UAE?
We may store personal data such as email and phone number in CRMs such as Salesforce; this data will reside outside the UAE.
We will NEVER transmit the company data we are processing for you outside the UAE unless you specifically request us to. Example use cases for this might include hosting email with one of our partners, such as Microsoft (Office 365).
What services does BIOS Middle East offer to help me comply with GDPR?
First, review the GDPR to determine whether it applies to your organization. If GDPR applies, make sure that you implement appropriate technical and organizational measures to ensure and demonstrate that any data processing is performed in compliance with GDPR.
We work with GDPR specialists to determine how it might apply to you and how you can comply from a process and technology perspective. We also offer scanning services for detecting personal data on your systems that you may not be aware of.