The new European Union (EU) data protection law - General Data Protection Regulation (GDPR)that is enforceable on all entities, within and outside the territory of European Union requires that follow entities dealing with private data of EU individuals should follow due procedures in regard to safe data handling and storage. This regulation is forcing all countries globally, including those in the Islamic countries to take special precautions. Islamic banks and financial institutions are key intermediaries fostering smooth foreign trade between Islamic and European countries. Lack of sufficiently strong data protection legislation in most of the Islamic countries is hampering conformity with GDPR. This leads to non-compliance and thereby paves way to heavy monetary penalties in the short-run and hurts business prospects with the European counties in the long-run, both of which are detrimental. This paper helps institutions in building frameworksby taking them through a series of compliance checks, build teamsto enforce standards, make knowledge repositories and to undertake necessary technical measures. Findings from this study can help Islamic companies in general and Islamic Banking & Financial institutions in particular in meeting GDPR compliance.Finally, this paper makes some key recommendations to the Governments, Regulators, Financial Institutions, Organizations and Individuals so that they can become GDPR complaint.

Abidin, M., & Nawawi, A. (2019). Customer data security and theft: a Malaysian organization’s experience. Information & Computer Security. doi:10.1108/ICS-04-2018-0043

Adequacy decisions. (2019). Adequacy decisions. Retrieved April 7, 2019, from https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

Allam, Y. (2018). The impact of the GDPR on organisations in the UAE. Retrieved from https://www.itgovernancegulf.com/blog/the-impact-of-the-gdpr-on-organisations-in-the-uae

Bernik, J. (2018, April 12). Financial Services and GDPR: What 200 Professionals Told Us About Their Data Protection. Retrieved from Mcafee: https://securingtomorrow.mcafee.com/business/financial-services-gdpr-200-professionals-told-us-data-protection/

Biscoe, C. (2019). Qatar’s Data Privacy Law. Retrieved from https://www.itgovernancegulf.com/blog/qatars-data-privacy-law-what-gcc-organisations-need-to-know

Cave, B. (2018). CNIL Module: Complying with the EU GDPR.

Choi, J., Jeon, D.-S., & Kim, B.-C. (2019). Privacy and personal data collection with information externalities. Journal of Public Economics, 113-124. doi:10.1016/j.jpubeco.2019.02.001

ClearSwift. (2018). GDPR and the Insider Threat: How new regulations are changing our data handling habits. ClearSwift. Retrieved from https://www.clearswift.com/blog/2018/07/30/gdpr-and-insider-threat-how-new-regulations-are-changing-our-data-handling-habits

DLA Piper. (2019). Data Protection Laws of the World. Retrieved from DLA Piper Data Protection: http://www.dlapiperdataprotection.com

Dowle, C. (2019). Data protection in Dubai International Financial Centre (DIFC): Overview. Retrieved from https://uk.practicallaw.thomsonreuters.com/8-635-5552?transitionType=Default&contextData=(sc.Default)&firstPage=true&comp=pluk&bhcp=1

EY. (2018). Global banking outlook 2018. Retrieved from EY: https://www.ey.com/Publication/vwLUAssets/ey-global-banking-outlook-2018/$File/ey-global-banking-outlook-2018.pdf

Ford, N. (2018). Data protection law in the Gulf vs the EU. Retrieved from IT Governance Gulf: https://www.itgovernancegulf.com/blog/data-protection-law-in-the-gulf-vs-the-eu

Ford, R. (2018). The impacts of the GDPR on Corporate Governance practices in the GCC. LexsisNexsis. Retrieved from https://www.lexis.ae/wp-content/uploads/2018/06/GDPR-Corporate-Governance-GCC-Lexis-Nexis-ME-edit-final.pdf

Gabel, D. (2019). Cross-Border Data Transfers – Unlocking the EU General Data Protection Regulation. WhiteCase.

Garber, J. (2018). GDPR – compliance nightmare or business opportunity? Computer Fraud & Security. Retrieved from https://www.sciencedirect.com/science/article/pii/S1361372318300551

Gartner. (2017, May 13). Gartner Says Organizations Are Unprepared for the 2018 European Data Protection Regulation. Retrieved from Gartner.com: https://www.gartner.com/en/newsroom/press-releases/2017-05-03-gartner-says-organizations-are-unprepared-for-the-2018-european-data-protection-regulation

Hayes, M., & Curran. (2017). Getting Ready for the General Data Protection Regulation.

Hert, P., & Czerniawski, M. (2016). Expanding the European data protection scope beyond territory: Article 3 of the General Data Protection Regulation in its wider context. International Data Privacy Law, 6(3), 230–243. doi:https://doi.org/10.1093/idpl/ipw008

Hopps, & Paterson, S. (2018). Cyber Security United Arab Emirates - Herbert Smith Freehills. Retrieved from IT Governance: https://www.itgovernancegulf.com/eu-general-data-protection-regulation-gdpr

IMD. (2018). IMD World Digital Competitiveness Ranking 2018. IMD World Competitiveness Centre. Retrieved from https://www.imd.org/globalassets/wcc/docs/imd_world_digital_competitiveness_ranking_2018.pdf

IT Governance. (2018). Retrieved from https://www.itgovernancegulf.com/eu-general-data-protection-regulation-gdpr

Janssens, E. (2019). UAE Issues Law to Protect Health Data and Restrict Its Transfer Outside The Country. Retrieved from https://www.bakermckenzie.com/en/insight/publications/2019/03/uae-issues-law

Karam, J. (2017). Is the GCC ready for GDPR? Retrieved from https://www.commsmea.com/17510-is-the-gcc-ready-for-gdpr

LCCI. (2018). One in four London businesses unaware of new data protection regulation. London Chamber of Commerce and Industry. Retrieved from http://www.londonchamber.co.uk/news/press-releases/one-in-four-london-businesses-unaware-of-new-data/

Lsgar, S. (n.d.). Regulatory Alert (2) Healthcare & Data Privacy. Retrieved from https://bsabh.com/uae-legal-update-regulatory-alert-2-healthcare-data-privacy/

Makulilo, A. (2012). Protection of Personal Data in sub-Saharan Africa. Retrieved from https://elib.suub.uni-bremen.de/edocs/00102854-1.pdf

Malgieri, G., & Custers, B. (2017). Pricing privacy – the right to know the value of your personal data. Computer Law & Security Review. doi:10.1016/j.clsr.2017.08.006

Miglicco, G. (2018, September 9). GDPR is here and it is time to get serious. Computer Fraud & Security, pp. 9-12. doi:https://doi.org/10.1016/S1361-3723(18)30085-X

Myers, A. (2017). Top 10 operational impacts of the GDPR: Part 4 - Cross-border data transfers. IAPP. Retrieved from https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-4-cross-border-data-transfers/

Natamiharja, R. (2018). A Case Study on Facebook Data Theft in Indonesia. Fiat Justisia, 206-223.

Parra-Arnau, J. (2018). Optimized, direct sale of privacy in personal data marketplaces. InformationSciences, 424, 354-384. doi:10.1016/j.ins.2017.10.009

Perry, R. (2019, January). GDPR – project or permanent reality? Computer Fraud & Security, pp. 9-11.

Prince, C. (2017). Do consumers want to control their personal data? Empirical Evidence. International Journal of Human-Computer Studies. doi:10.1016/j.ijhcs.2017.10.003

Shalhoub, L. (2017, January 31). Islamic finance sees big growth in Europe. Retrieved from ArabNews: http://www.arabnews.com/node/1046871/business-economy

Sharma, A. (2018). GCC shelling out 66% more than global average.The National. Retrieved from https://www.thenational.ae/business/technology/gcc-shelling-out-66-more-than-global-average-on-every-data-breach-gartner-says-1.783196

Taka, A. (2017). Cross-Border Application of EU’s General Data Protection Regulation (GDPR) - A private international law study on third state implications. Retrieved from http://www.diva-portal.org/smash/get/diva2:1127596/FULLTEXT01.pdf

Thompson Reuters. (2018). Islamic Finance Development: Resilient Growth. Retrieved from Thompson Reuters: https://repository.salaamgateway.com/images/iep/galleries/documents/20181125124744259232831.pdf

Vilnius University. (2017). Digitalization in Law. 6th International Conference of PhD Students and Young Researchers (p. 7). Vilnius, Lithuania: Vilnius University. Retrieved from http://lawphd.net/wp-content/uploads/2018/09/International-Conference-of-PhD-studentand-and-young-researchers-2018.pdf

WEF. (2018). Global Competitiveness Index 4.0. World Economic Forum. Retrieved from http://reports.weforum.org/global-competitiveness-report-2018/competitiveness-rankings/