As a Sharia advisory firm that deals with banks, asset managers, insurance companies and fintechs, we understand how sensitive and confidential information is for our clients. This is why we are committed to complying with the data protection laws of Bahrain, Saudi Arabia and the European Union (EU). Additionally, all our operations are governed by the Personal Data Protection Law (PDPL) of Bahrain, which regulates the collection, use, storage and transfer of personal data. The PDPL aims to protect the rights of the individuals and businesses we deal with by establishing a legal framework that defines the methods and means of processing data in a fair and secure manner.
We also strive to comply with the data protection laws of the countries where our clients are located. This commitment not only helps meet the expectations and standards of our clients and regulators, but also demonstrates our respect for the privacy and security of our clients and their investors.
Risks of dealing with service providers not following data protection procedures
Dealing with firms that are not compliant with data protection laws may expose you to various risks such as:
Legal liability: Non-compliant firms may not have a valid legal basis to collect, use or transfer your personal data. This may violate the rights and obligations under the data protection laws. As a financial institution, you may be held liable for any breach or violation that occurs due to their actions or omissions.
Data breach: The service provider may not have adequate technical and organizational measures to protect the personal data of banks and financial institutions from unauthorized access, disclosure, alteration or destruction. This may result in a data breach that may compromise confidential information and cause harm or damage to your firm.
Reputational damage: Firms with a lack of data protection controls and policies may not respect the privacy and security of your customers and investors. In case of a breach, your reputation and credibility may be at risk among your clients and stakeholders.
Why is data protection important?
When engaging with a Sharia advisory or Sharia audit firm, you should verify their data protection policies and controls, because these can impact your investors and customers for the following reasons:
Compliance: to help fulfill your legal obligations and avoid any penalties or sanctions for violating the PDPL or its executive decisions.
Security: to ensure that the Sharia advisory firm has adequate mechanisms to address the risks arising from the use of personal data and to combat breaches of your customers' privacy.
Protection: to safeguard privacy and prevent breaches of personal data of your investors and customers by unauthorized parties.
How do we protect your personal data?
We have implemented various policies, procedures and protocols to ensure that your personal data is processed in accordance with the PDPL and its executive decisions. Some of the measures we have taken include:
Obtaining your written and explicit consent before collecting or processing your personal data, unless there is a legal basis for doing so without consent.
Informing you about the purpose, scope and duration of processing your personal data, as well as your rights and obligations under the PDPL.
Limiting the collection and processing of your personal data to what is necessary, relevant and adequate for the purpose for which it was obtained.
Ensuring that your personal data is accurate, up-to-date and complete.
Keeping your personal data secure from unauthorized access, disclosure, alteration or destruction.
Not transferring your personal data outside Bahrain or KSA (as the case may be) without your specific consent or a special authorization from the Personal Data Protection Authority (PDPA), unless the destination country provides an adequate level of protection for your personal data.
Obtaining prior written authorization from the PDPA for certain types of processing operations that involve automatic processing involving linkage between personal data of more than one entity.
Respecting your right to access, correct, delete or object to the processing of your personal data, as well as your right to lodge a complaint with the PDPA if you believe that your personal data has been processed in violation of the PDPL.
What should you check to ensure data protection compliance?
To ensure data protection compliance, you should:
Ask the Sharia advisory and audit firm for their data protection policies, procedures and protocols. Make sure they comply with the data protection laws of Bahrain, Saudi Arabia, UK and the EU.
Review the data protection clauses in their contracts and agreements. Make sure they include clear terms and conditions regarding the collection, use, storage and transfer of your personal data.
Make sure the firm obtains your consent or has a legal basis for processing your personal data when they conduct the Sharia audit.
Check how they follow their data protection policies, procedures and protocols.
Enquire about how they report any incidents or issues related to your personal data promptly and transparently.
Contact us today for more information on our data protection policies.