The EU’s General Data Protection Regulation (“GDPR”) replaces the Data Protection Directive 95/46/EC and is designed to safeguard people’s personal information by harmonising data privacy laws across the EU.
As of 25 May 2018, individuals now have the right to demand that a company reveals or deletes personal data that the company holds about them. Regulators now have powers to enforce their decisions with penalties.
The GDPR also addresses the export of personal data outside the EU. Even entities operating beyond the EU, such as those in Oman, could be affected.
The GDPR applies to personal data, including names, addresses, emails, etc. and also IP addresses. Most companies of whatever description are likely to have databases of personal information relating to clients, employees, and suppliers - all of which information will potentially be covered by the GDPR.
The GDPR would apply to a company operating in Oman if the company:
(a) has a branch, subsidiary or any representative in the EU;
(b) offers any goods or services to persons located in the EU; and/or
(c) monitors the online behaviour of persons located in the EU.
The GDPR sets out how companies must deal with the data they collect. Breaches of data confidentiality must be disclosed within 72 hours of discovery of the breach. Sensitive data cannot be used by organisations when deciding on a course of action. Sending out mass marketing emails to people that have not actively subscribed to receive them is also not permitted.
An organisation that violates the rules could face fines of up to 4% of their global annual revenue or €20 million (approximately OMR 8.77 million), whichever is greater.
Companies that may fall within the ambit of the GDPR should review their policies in relation to:
(a) protecting and managing personal data;
(b) reporting breach incidents within 72 hours; and
(c) determining who will take the lead role in data protection and privacy - the executive
management, the board, the chief information security officer or a data protection officer.
Companies that might be affected should:
(a) establish transparent and easily accessible privacy and data protection policies and procedures;
(b) review and update all existing contracts with data processors and customers to provide for more stringent data protection and consent clauses;
(c) create a framework for accountability by monitoring, reviewing and assessing data processing activities;
(d) evaluate insurance policies to ensure the company is adequately protected in the event of a data breach;
(e) conduct internal training sessions to ensure employee compliance with the new data protection obligations; and
(f) consider whether the employment of a data protection officer is required.
It will be important for businesses in Oman to assess all personal data processing activities. This should include an audit of any activities likely to involve the processing of personal data relating to individuals in the EU, including information that indirectly identifies such individuals (such as IP addresses or customer reference numbers).
skip to main |
skip to sidebar
Search Oman Blog
Oman Contacts
Simon Ward, Managing Partner
Dominic Pilkington, Partner
Bruce Palmer, Counsel
Curtis, Mallet-Prevost, Colt & Mosle LLP
Qurum Plaza
108 Al Wallaj Street
P.O. Box 1803; PC 114
Muscat, Sultanate of Oman
Tel: +968 2465 2600 or +968 2456 4495
Blog Archive
Subscribe To Oman RSS
Subscribe via email
About Curtis
Headquartered in New York, Curtis is a leading international law firm with 19 offices worldwide. The firm represents a variety of clients across a wide range of practice areas. Curtis’ international outlook has been a hallmark of its practice since its founding in the 1830s.
Curtis Muscat was established in 1997 and is served by Oman, US, UK, Australia, and India qualified lawyers. We offer a full range of domestic and international legal services in the fields of real estate, corporate and commercial law, banking, energy, arbitration, insurance, shipping and port development, tourism, employment and public procurement, amongst others.
Visit https://www.curtis.com/ for more information about Curtis and its full range of practice areas.
Curtis Muscat was established in 1997 and is served by Oman, US, UK, Australia, and India qualified lawyers. We offer a full range of domestic and international legal services in the fields of real estate, corporate and commercial law, banking, energy, arbitration, insurance, shipping and port development, tourism, employment and public procurement, amongst others.
Visit https://www.curtis.com/ for more information about Curtis and its full range of practice areas.
Traffic Stats
Disclaimer
Content may be considered attorney advertising in some jurisdictions. The material is only a general review of the subjects covered and does not constitute legal advice. No legal or business decisions should be based on its content.
You should not send confidential information to us unless, and until, one of our lawyers requests it. We will not have an attorney-client relationship with you unless you have spoken with one of our lawyers and have received an engagement letter from us. The fact that unsolicited materials may be sent by you to us, or even that our lawyers may see such materials, shall not mean that we have agreed to represent you or that we will be conflicted from representing a different client in a matter in which you may be an adverse party or your interests may be adversely affected. Unless otherwise noted, Curtis, Mallet-Prevost, Colt & Mosle LLP attorneys are NOT certified by the Texas Board of Legal Specialization.
The information we make available on this site does not create an attorney-client relationship; nor does it substitute for obtaining legal advice from an attorney licensed in your state or country. We do not seek to represent anyone desiring legal representation, based upon viewing this web site, in any state or country where this web site would not be considered in compliance with all applicable laws and ethical rules.
To read the complete disclaimer click here.
You should not send confidential information to us unless, and until, one of our lawyers requests it. We will not have an attorney-client relationship with you unless you have spoken with one of our lawyers and have received an engagement letter from us. The fact that unsolicited materials may be sent by you to us, or even that our lawyers may see such materials, shall not mean that we have agreed to represent you or that we will be conflicted from representing a different client in a matter in which you may be an adverse party or your interests may be adversely affected. Unless otherwise noted, Curtis, Mallet-Prevost, Colt & Mosle LLP attorneys are NOT certified by the Texas Board of Legal Specialization.
The information we make available on this site does not create an attorney-client relationship; nor does it substitute for obtaining legal advice from an attorney licensed in your state or country. We do not seek to represent anyone desiring legal representation, based upon viewing this web site, in any state or country where this web site would not be considered in compliance with all applicable laws and ethical rules.
To read the complete disclaimer click here.
Content may be considered attorney advertising in some jurisdictions.
© Curtis, Mallet-Prevost, Colt & Mosle LLP. All rights reserved.
© Curtis, Mallet-Prevost, Colt & Mosle LLP. All rights reserved.