Emerging GCC data protection requirements will shift the focus to data privacy compliance and cyber insurance

Uptake of cyber insurance will continue to increase as companies double-down on data privacy compliance and cyber-security hygiene.

A continued focus on the implementation of standalone personal data protection and privacy legislation in the Gulf Cooperation Council (GCC) will mean that companies will seek to uphold the highest standards of data privacy and cyber-security hygiene as we head into 2024.

Similar to the European Union’s General Data Protection Regulation (GDPR) requirements, the data protection laws recently introduced in the GCC apply to the processing of ‘personal data’ relating to identifiable or identified individuals.

These laws set out various requirements around the processing and protection of personal data, as well as a requirement to notify personal data breaches to regulators and, in certain circumstances, affected individuals. 

We expect to achieve greater clarity about when and how the various data protection laws and standards will be enacted and enforced across the GCC region in the coming months.

This will likely see many companies increase their levels of data privacy compliance and cyber security hygiene which, in turn, will make them more attractive propositions for cyber insurers.

This will also help them to benefit from the protections and additional services that many cyber insurance policies provide, notably incident response services and access to defence counsel in respect of third-party claims following a cyber incident.