Should Islamic Banking & Financial Institutions go with General Data Protection Regulation Compliance?

Vijaya Kittu Manda, Radwan Eskhita


The new European Union (EU) data protection law - General Data Protection Regulation (GDPR)that is enforceable on all entities, within and outside the territory of European Union requires that follow entities dealing with private data of EU individuals should follow due procedures in regard to safe data handling and storage. This regulation is forcing all countries globally, including those in the Islamic countries to take special precautions. Islamic banks and financial institutions are key intermediaries fostering smooth foreign trade between Islamic and European countries. Lack of sufficiently strong data protection legislation in most of the Islamic countries is hampering conformity with GDPR. This leads to non-compliance and thereby paves way to heavy monetary penalties in the short-run and hurts business prospects with the European counties in the long-run, both of which are detrimental. This paper helps institutions in building frameworksby taking them through a series of compliance checks, build teamsto enforce standards, make knowledge repositories and to undertake necessary technical measures. Findings from this study can help Islamic companies in general and Islamic Banking & Financial institutions in particular in meeting GDPR compliance.Finally, this paper makes some key recommendations to the Governments, Regulators, Financial Institutions, Organizations and Individuals so that they can become GDPR complaint.


GDPR; GDPR compliance; Data Protection Laws; data privacy

Full Text:

IJIEF 005 Manda


Abidin, M., & Nawawi, A. (2019). Customer data security and theft: a Malaysian organization’s experience. Information & Computer Security. doi:10.1108/ICS-04-2018-0043

Adequacy decisions. (2019). Adequacy decisions. Retrieved April 7, 2019, from

Allam, Y. (2018). The impact of the GDPR on organisations in the UAE. Retrieved from

Bernik, J. (2018, April 12). Financial Services and GDPR: What 200 Professionals Told Us About Their Data Protection. Retrieved from Mcafee:

Biscoe, C. (2019). Qatar’s Data Privacy Law. Retrieved from

Cave, B. (2018). CNIL Module: Complying with the EU GDPR.

Choi, J., Jeon, D.-S., & Kim, B.-C. (2019). Privacy and personal data collection with information externalities. Journal of Public Economics, 113-124. doi:10.1016/j.jpubeco.2019.02.001

ClearSwift. (2018). GDPR and the Insider Threat: How new regulations are changing our data handling habits. ClearSwift. Retrieved from

DLA Piper. (2019). Data Protection Laws of the World. Retrieved from DLA Piper Data Protection:

Dowle, C. (2019). Data protection in Dubai International Financial Centre (DIFC): Overview. Retrieved from

EY. (2018). Global banking outlook 2018. Retrieved from EY:$File/ey-global-banking-outlook-2018.pdf

Ford, N. (2018). Data protection law in the Gulf vs the EU. Retrieved from IT Governance Gulf:

Ford, R. (2018). The impacts of the GDPR on Corporate Governance practices in the GCC. LexsisNexsis. Retrieved from

Gabel, D. (2019). Cross-Border Data Transfers – Unlocking the EU General Data Protection Regulation. WhiteCase.

Garber, J. (2018). GDPR – compliance nightmare or business opportunity? Computer Fraud & Security. Retrieved from

Gartner. (2017, May 13). Gartner Says Organizations Are Unprepared for the 2018 European Data Protection Regulation. Retrieved from

Hayes, M., & Curran. (2017). Getting Ready for the General Data Protection Regulation.

Hert, P., & Czerniawski, M. (2016). Expanding the European data protection scope beyond territory: Article 3 of the General Data Protection Regulation in its wider context. International Data Privacy Law, 6(3), 230–243. doi:

Hopps, & Paterson, S. (2018). Cyber Security United Arab Emirates - Herbert Smith Freehills. Retrieved from IT Governance:

IMD. (2018). IMD World Digital Competitiveness Ranking 2018. IMD World Competitiveness Centre. Retrieved from

IT Governance. (2018). Retrieved from

Janssens, E. (2019). UAE Issues Law to Protect Health Data and Restrict Its Transfer Outside The Country. Retrieved from

Karam, J. (2017). Is the GCC ready for GDPR? Retrieved from

LCCI. (2018). One in four London businesses unaware of new data protection regulation. London Chamber of Commerce and Industry. Retrieved from

Lsgar, S. (n.d.). Regulatory Alert (2) Healthcare & Data Privacy. Retrieved from

Makulilo, A. (2012). Protection of Personal Data in sub-Saharan Africa. Retrieved from

Malgieri, G., & Custers, B. (2017). Pricing privacy – the right to know the value of your personal data. Computer Law & Security Review. doi:10.1016/j.clsr.2017.08.006

Miglicco, G. (2018, September 9). GDPR is here and it is time to get serious. Computer Fraud & Security, pp. 9-12. doi:

Myers, A. (2017). Top 10 operational impacts of the GDPR: Part 4 - Cross-border data transfers. IAPP. Retrieved from

Natamiharja, R. (2018). A Case Study on Facebook Data Theft in Indonesia. Fiat Justisia, 206-223.

Parra-Arnau, J. (2018). Optimized, direct sale of privacy in personal data marketplaces. InformationSciences, 424, 354-384. doi:10.1016/j.ins.2017.10.009

Perry, R. (2019, January). GDPR – project or permanent reality? Computer Fraud & Security, pp. 9-11.

Prince, C. (2017). Do consumers want to control their personal data? Empirical Evidence. International Journal of Human-Computer Studies. doi:10.1016/j.ijhcs.2017.10.003

Shalhoub, L. (2017, January 31). Islamic finance sees big growth in Europe. Retrieved from ArabNews:

Sharma, A. (2018). GCC shelling out 66% more than global average.The National. Retrieved from

Taka, A. (2017). Cross-Border Application of EU’s General Data Protection Regulation (GDPR) - A private international law study on third state implications. Retrieved from

Thompson Reuters. (2018). Islamic Finance Development: Resilient Growth. Retrieved from Thompson Reuters:

Vilnius University. (2017). Digitalization in Law. 6th International Conference of PhD Students and Young Researchers (p. 7). Vilnius, Lithuania: Vilnius University. Retrieved from

WEF. (2018). Global Competitiveness Index 4.0. World Economic Forum. Retrieved from


Article Metrics

Abstract view : 141 times
IJIEF 005 Manda - 47 times


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

International Journal of Islamic Economics and Finance (IJIEF)
International Program for Islamic Economics and Finance 
Department of Economics  
Faculty of Economics and Business
Universitas Muhammadiyah Yogyakarta

Pascasarjana Building, Ground Floor
Jl. Brawijaya (Ringroad Selatan), Kasihan, Bantul
D.I. Yogyakarta 55183, INDONESIA
Official email: