• Barry Cook, Group Data Protection Officer, VFS Global says outbound travellers of any nationality to the EU from Middle East and North Africa (MENA) region will get data protection and privacy rights under GDPR. Leading visa service provider VFS Global among 15% of global companies to be already GDPR compliant.

      As the European Union’s General Data Protection Regulation (GDPR) went live from May 25 2018, businesses in the Middle East dealing in travel and visa facilitation services would have to critically evaluate and reinforce their information management systems to avoid the risk of data breaches, said Barry Cook, Group Data Protection Officer, VFS Global.

      While any Middle East business dealing with an EU counterpart will come under the GDPR regime, at the individual level, any outbound traveller to any of the Schengen and UK destinations from Middle East and North Africa (MENA), irrespective of nationality, are also covered under the sweeping data protection and privacy rights regulation, he said.

      “We process millions of visa applications to EU countries from 139 countries world over and it is imperative for us to put in fool proof systems to abide by the legislation. In general, travel and visa facilitation companies by virtue of the nature of their business are heavily exposed to personal data which means that the industry in the Middle East as a whole needs to have imminent readiness to be GDPR-compliant,” Barry said.

      The GDPR regulations are meant to protect the privacy and personal information rights of individuals and data breaches can attract heavy fines.

      The law was enacted two years ago while its enforcement across all 28 EU countries came into effect at midnight on May 25, 2018.

      The legislation raises the standards of personal data privacy across not just Europe but across the world by changing the rules of companies that collect, store or process user information. Every company that operates in Europe, or has European users will be required to comply with the GDPR standards.

      “Travel to European destinations from the MENA countries form a major part of VFS Global’s business and we have already instituted an array of security measures and internal mechanisms in earlier years to ensure that we are GDPR ready. We are proud to say that according to a global research we belong to approx. 15% of companies that are GDPR compliant”, said Barry.

      From MENA countries alone, VFS Global processed over 1.6 million visa applications in 2017 to EU countries, a large share of which was from the GCC.

      The scope of GDPR is sweeping and encompasses right to access data, modification and erasure, right to object to automate processing or even to restrict processing, among others. It also forbids targeted emails unless there is explicit consent from an individual at the receiving end.

      “Going forward, GDPR will be a global benchmark in privacy standards and we see it as an opportunity to implement world-class data protection policies across the VFS Global operations globally”, said Barry.

      He said the processes and mechanisms VFS Global has triggered to stay within the norms of GDPR include deployment of a state-of-the-art website cookie preference centre that allows users to choose what cookies they want in their browser to creation of a dedicated communication channel for applicants to find out how their personal data is used and to answer their queries.

      VFS Global will also have impartial data protection champions across the regions it operates from, including in MENA.

      “In anticipation of the new privacy and data regime, we had done a GAP analysis last year and we can safely say that we are GDPR compliant,” said Barry, adding that VFS Global even before the new legislation follows a prudent policy that is mandated across its centres not to store user data and delete it at periodic intervals.