Should Islamic Banking & Financial Institutions go with General Data Protection Regulation Compliance?
Abstract
The new European Union (EU) data protection law - General Data Protection Regulation (GDPR)that is enforceable on all entities, within and outside the territory of European Union requires that follow entities dealing with private data of EU individuals should follow due procedures in regard to safe data handling and storage. This regulation is forcing all countries globally, including those in the Islamic countries to take special precautions. Islamic banks and financial institutions are key intermediaries fostering smooth foreign trade between Islamic and European countries. Lack of sufficiently strong data protection legislation in most of the Islamic countries is hampering conformity with GDPR. This leads to non-compliance and thereby paves way to heavy monetary penalties in the short-run and hurts business prospects with the European counties in the long-run, both of which are detrimental. This paper helps institutions in building frameworksby taking them through a series of compliance checks, build teamsto enforce standards, make knowledge repositories and to undertake necessary technical measures. Findings from this study can help Islamic companies in general and Islamic Banking & Financial institutions in particular in meeting GDPR compliance.Finally, this paper makes some key recommendations to the Governments, Regulators, Financial Institutions, Organizations and Individuals so that they can become GDPR complaint.
Keywords
Full Text:
IJIEF 005 MandaReferences
Abidin, M., & Nawawi, A. (2019). Customer data security and theft: a Malaysian organization’s experience. Information & Computer Security. doi:10.1108/ICS-04-2018-0043
Adequacy decisions. (2019). Adequacy decisions. Retrieved April 7, 2019, from https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
Allam, Y. (2018). The impact of the GDPR on organisations in the UAE. Retrieved from https://www.itgovernancegulf.com/blog/the-impact-of-the-gdpr-on-organisations-in-the-uae
Bernik, J. (2018, April 12). Financial Services and GDPR: What 200 Professionals Told Us About Their Data Protection. Retrieved from Mcafee: https://securingtomorrow.mcafee.com/business/financial-services-gdpr-200-professionals-told-us-data-protection/
Biscoe, C. (2019). Qatar’s Data Privacy Law. Retrieved from https://www.itgovernancegulf.com/blog/qatars-data-privacy-law-what-gcc-organisations-need-to-know
Cave, B. (2018). CNIL Module: Complying with the EU GDPR.
Choi, J., Jeon, D.-S., & Kim, B.-C. (2019). Privacy and personal data collection with information externalities. Journal of Public Economics, 113-124. doi:10.1016/j.jpubeco.2019.02.001
ClearSwift. (2018). GDPR and the Insider Threat: How new regulations are changing our data handling habits. ClearSwift. Retrieved from https://www.clearswift.com/blog/2018/07/30/gdpr-and-insider-threat-how-new-regulations-are-changing-our-data-handling-habits
DLA Piper. (2019). Data Protection Laws of the World. Retrieved from DLA Piper Data Protection: http://www.dlapiperdataprotection.com
Dowle, C. (2019). Data protection in Dubai International Financial Centre (DIFC): Overview. Retrieved from https://uk.practicallaw.thomsonreuters.com/8-635-5552?transitionType=Default&contextData=(sc.Default)&firstPage=true&comp=pluk&bhcp=1
EY. (2018). Global banking outlook 2018. Retrieved from EY: https://www.ey.com/Publication/vwLUAssets/ey-global-banking-outlook-2018/$File/ey-global-banking-outlook-2018.pdf
Ford, N. (2018). Data protection law in the Gulf vs the EU. Retrieved from IT Governance Gulf: https://www.itgovernancegulf.com/blog/data-protection-law-in-the-gulf-vs-the-eu
Ford, R. (2018). The impacts of the GDPR on Corporate Governance practices in the GCC. LexsisNexsis. Retrieved from https://www.lexis.ae/wp-content/uploads/2018/06/GDPR-Corporate-Governance-GCC-Lexis-Nexis-ME-edit-final.pdf
Gabel, D. (2019). Cross-Border Data Transfers – Unlocking the EU General Data Protection Regulation. WhiteCase.
Garber, J. (2018). GDPR – compliance nightmare or business opportunity? Computer Fraud & Security. Retrieved from https://www.sciencedirect.com/science/article/pii/S1361372318300551
Gartner. (2017, May 13). Gartner Says Organizations Are Unprepared for the 2018 European Data Protection Regulation. Retrieved from Gartner.com: https://www.gartner.com/en/newsroom/press-releases/2017-05-03-gartner-says-organizations-are-unprepared-for-the-2018-european-data-protection-regulation
Hayes, M., & Curran. (2017). Getting Ready for the General Data Protection Regulation.
Hert, P., & Czerniawski, M. (2016). Expanding the European data protection scope beyond territory: Article 3 of the General Data Protection Regulation in its wider context. International Data Privacy Law, 6(3), 230–243. doi:https://doi.org/10.1093/idpl/ipw008
Hopps, & Paterson, S. (2018). Cyber Security United Arab Emirates - Herbert Smith Freehills. Retrieved from IT Governance: https://www.itgovernancegulf.com/eu-general-data-protection-regulation-gdpr
IMD. (2018). IMD World Digital Competitiveness Ranking 2018. IMD World Competitiveness Centre. Retrieved from https://www.imd.org/globalassets/wcc/docs/imd_world_digital_competitiveness_ranking_2018.pdf
IT Governance. (2018). Retrieved from https://www.itgovernancegulf.com/eu-general-data-protection-regulation-gdpr
Janssens, E. (2019). UAE Issues Law to Protect Health Data and Restrict Its Transfer Outside The Country. Retrieved from https://www.bakermckenzie.com/en/insight/publications/2019/03/uae-issues-law
Karam, J. (2017). Is the GCC ready for GDPR? Retrieved from https://www.commsmea.com/17510-is-the-gcc-ready-for-gdpr
LCCI. (2018). One in four London businesses unaware of new data protection regulation. London Chamber of Commerce and Industry. Retrieved from http://www.londonchamber.co.uk/news/press-releases/one-in-four-london-businesses-unaware-of-new-data/
Lsgar, S. (n.d.). Regulatory Alert (2) Healthcare & Data Privacy. Retrieved from https://bsabh.com/uae-legal-update-regulatory-alert-2-healthcare-data-privacy/
Makulilo, A. (2012). Protection of Personal Data in sub-Saharan Africa. Retrieved from https://elib.suub.uni-bremen.de/edocs/00102854-1.pdf
Malgieri, G., & Custers, B. (2017). Pricing privacy – the right to know the value of your personal data. Computer Law & Security Review. doi:10.1016/j.clsr.2017.08.006
Miglicco, G. (2018, September 9). GDPR is here and it is time to get serious. Computer Fraud & Security, pp. 9-12. doi:https://doi.org/10.1016/S1361-3723(18)30085-X
Myers, A. (2017). Top 10 operational impacts of the GDPR: Part 4 - Cross-border data transfers. IAPP. Retrieved from https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-4-cross-border-data-transfers/
Natamiharja, R. (2018). A Case Study on Facebook Data Theft in Indonesia. Fiat Justisia, 206-223.
Parra-Arnau, J. (2018). Optimized, direct sale of privacy in personal data marketplaces. InformationSciences, 424, 354-384. doi:10.1016/j.ins.2017.10.009
Perry, R. (2019, January). GDPR – project or permanent reality? Computer Fraud & Security, pp. 9-11.
Prince, C. (2017). Do consumers want to control their personal data? Empirical Evidence. International Journal of Human-Computer Studies. doi:10.1016/j.ijhcs.2017.10.003
Shalhoub, L. (2017, January 31). Islamic finance sees big growth in Europe. Retrieved from ArabNews: http://www.arabnews.com/node/1046871/business-economy
Sharma, A. (2018). GCC shelling out 66% more than global average.The National. Retrieved from https://www.thenational.ae/business/technology/gcc-shelling-out-66-more-than-global-average-on-every-data-breach-gartner-says-1.783196
Taka, A. (2017). Cross-Border Application of EU’s General Data Protection Regulation (GDPR) - A private international law study on third state implications. Retrieved from http://www.diva-portal.org/smash/get/diva2:1127596/FULLTEXT01.pdf
Thompson Reuters. (2018). Islamic Finance Development: Resilient Growth. Retrieved from Thompson Reuters: https://repository.salaamgateway.com/images/iep/galleries/documents/20181125124744259232831.pdf
Vilnius University. (2017). Digitalization in Law. 6th International Conference of PhD Students and Young Researchers (p. 7). Vilnius, Lithuania: Vilnius University. Retrieved from http://lawphd.net/wp-content/uploads/2018/09/International-Conference-of-PhD-studentand-and-young-researchers-2018.pdf
WEF. (2018). Global Competitiveness Index 4.0. World Economic Forum. Retrieved from http://reports.weforum.org/global-competitiveness-report-2018/competitiveness-rankings/
DOI: https://doi.org/10.18196/ijief.2117
Refbacks
- There are currently no refbacks.
Copyright (c) 2019 International Journal of Islamic Economics and Finance (IJIEF)
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
International Journal of Islamic Economics and Finance (IJIEF)
International Program for Islamic Economics and Finance
Department of Economics
Faculty of Economics and Business
Universitas Muhammadiyah Yogyakarta
Pascasarjana Building, Ground Floor
Jl. Brawijaya (Ringroad Selatan), Kasihan, Bantul
D.I. Yogyakarta 55183, INDONESIA
Official email: ijief@umy.ac.id