Data protection in the banking and financial sector in the UAE
The Middle East is one of the fastest-growing finance hubs in the world. The UAE's banking and financial sector services have transformed immensely in the past few years.
However, since the pandemic, the number of cyber-attacks in the UAE has increased substantially. Banking and financial sector organizations are a preferred target for ransomware attacks and phishing scams.
But did you know that most cyber attackers steal more than just money? In the hostile threat landscape, financial and personal data, including payment details, are more at risk.
Here’s what you should know about data protection in the banking and financial sector of the UAE:
Consumer Data Protection Regulations
In the interest of enhancing data protection, the UAE has taken positive steps in the past year. The Dubai International Financial Centre (DIFC) updated the Data Protection Law 2020. The Abu Dhabi Global Market (ADGM) also introduced new Data Protection Regulations 2021.
The Central Bank of the UAE (CBUAE) issued its Consumer Protection Regulation (CPR) and supporting Consumer Protection Standards (CPS). These regulations are a part of a Financial Consumer Protection Regulatory Framework and align with global data protection best practices.
The Data Management Control Framework encompasses all aspects of consumer data handling. It includes:
- Collection,
- Classification,
- Storage,
- Usage,
- Transfer,
- Protection,
- Correction, and
- Destruction of personal data
Institutions must educate consumers about the importance of their consent and their right to provide or refuse consent to share personal data.
The articles in CPR promote consumer data and asset protection through:
- Data minimization: Reducing consumer data collection
- Accountability: Establishing functions responsible for consumer data management and protection against misuse, breach and unauthorized processing and analysis
- Storage limitation: Specifying duration of record keeping and data retention
- Data security: Establishing appropriate monitoring and security measures to track data breaches
- Establishing transparency in data breach notification to the Central Bank
Consumer Data Retention and Destruction
Retention and destruction of personal data are pivotal to consumer data protection. The CPS directs secure retention of all personal data and records for a minimum of 5 years. After five years, institutions must permanently delete or destroy all information and assets collected and processed.
Banking and financial institutions must perform secure data destruction of information that is no longer needed or no longer required by law. Outsourcing your data shredding to EndoShred gives you the advantage of assured security with on-site data destruction and shredding. We provide secure shredding services for documents, electronic media like hard drives, media tapes, CDs/DVDs, etc., and other speciality materials like credit/debit cards, uniforms, promotional merchandise, etc.
For inquiries about Endoshred’s shredding services near you, contact us at +971 4 4310337
Source: https://whitelabelconsultancy.com/2021/05/a-new-data-protection-regime-for-uae-banks/