By Nick O’Connell, Partner, Al Tamimi & Co.
This briefing note was originally published by lus laboris and is republished with permission by Iraq Business News.
In Iraq the European Union’s General Data Protection Regulation (GDPR) has had limited impact.
There is currently no modern data protection law in Iraq, and there is accordingly no data protection authority.
There are Iraqi law considerations that could be material in the context of considering personal data processing activities, either in an HR context or more broadly.
These have not been prepared with GDPR in mind. They range from general provisions protecting privacy or providing for remedies where someone causes damage to another.
Depending on the circumstances of a data breach, it may be prudent to consider notifying law enforcement authorities and affected individuals, although there is no generally applicable legal obligation to do so.