Privacy Talk with Sayid Madar, Head at ADGM Office of the Data Protection Commissioner: What is the responsibilities with ADGM data protection commissioner?
“This interview recorded on 7th June 2022 is talking about data protection
and new technology”
Kohei is having great time discussing data protection and new technology with Sayid Madar.
This interview outline:
- Introduction
- What is your role at Information Commissioner’s Office?
- What is your experience after moved to Abu Dhabi regions?
- What is the responsibilities with ADGM data protection commissioner?
Kohei: So thank you for everybody to come to the Privacy Talk. Great to be honored to be invited Sayid from Abu Dhabi. This is a very exciting topic to talk about with him at this moment. So thank you for Sayid coming to the Privacy Talk.
Sayid: Thank you Kohei-san for this kind invitation, and that’s a privilege actually to be a part of privacy talk to be with you today from Abu Dhabi.
Kohei: Thank you. First of all, I’d like to share his profile.
Sayid is the Head of Operations at the Office of the Data Protection Commissioner, Abu Dhabi Global Market (“ADGM”). With over 10 years of experience in data protection and privacy, he is responsible for overseeing the operations of the office. Prior to moving to the UAE, Sayid was a Lead Enforcement Officer at the UK Information Commissioner’s Office.
He has also held positions at various UK Government Departments as a data protection compliance professional. Sayid has an LL.M. in Information Rights Law from Northumbria University and is an IAPP Fellow of Information Privacy.
So it’s a great to be honored having a talk this time.
Sayid: Thank you, Kohei-san.
- Introduction
Kohei: Thank you. So let’s move on to today’s agenda. I’d like to ask you about your activity first. So you have a various experiences so far as the data protection field. So could you tell us why you started to work in the data privacy field?
Sayid: Yes, absolutely. I mean, like many in the field, I can actually say that I fell into data protection and privacy wasn’t something that I planned really. And when I finished university in Southampton, I moved up to an area called Stockport which is in the northwest of England. So I’ve moved from the further south to Northwest.
And that’s where I started actually my first role in the civil service. I worked for a Law Commission governing body called the Child Maintenance Enforcement Commission(CMEC). I worked as an enforcement officer for the non-compliance team of CMEC which was called at the time and my role predominantly focused on you know, safeguarding the rights of children and in particular, ensuring that, the non resident parties or parents in this case, you know, could contribute to the upbringing of this child.
So, therefore, I spend a lot of time working on casework dealing with these types of issues and transparency played a key role in that you know, it’s a common understanding when, join the UK public sector and you work a UK public sector organization that you have to be transparent in decisions that information that you do have decisions that can be taken by yourself as a case officer.
And during the training of that, you know, you’re always emphasized that you know, information that you work with can be published online for freedom of information requests.
So you have to ensure that you know, you write and you do your work with, you know, a level of integrity and transparency in your day to day operations. But, you know, what I learned over the years as well as the court is called casework, you know, really is the processing of personal data, and it can in some cases have an adverse impact to individuals.
So our actions as case officers or inactions at times, you know resulted in direct impact on families and children and our positive decisions, even though they’re given to us through law.
That doesn’t mean individuals don’t have rights. And that’s really when I had my first interaction with data protection, privacy, you know, through the use of individual rights. I received my first subjects access request. I believe at the time you know, this was about two months into my role so
At that point, really I had this level of curiosity you know, I was quite new in my job but I’m learning the ropes and I get introduced into data protection, privacy, the right individual rights.
And even though you know, I didn’t have a good understanding of the law, you know, the right to respect privacy. I recognized that it seemed like the right thing to do as a case officer. So as individuals, you know, individuals should have a right over their personal data.
They should have, the right to ask questions, or request a copy of the file. And the dates that are created using and you’ll make a decision upon. So that’s really how I have fallen into data protection and privacy.
Kohei: Thank you. You had a great experience in United Kingdom through the data protection field. So could you tell us more about your work at the UK Government especially for the Information Commissioner’s Office?
- What is your role at Information Commissioner’s Office?
Sayid: Thank you for I’m sure so after my time at child maintenance and enforcement commission (CMEC), I moved within the UK civil service so I worked for the Department for Work and Pensions at the time as a compliance officer.
And then I moved to what’s known as Her Majesty’s Customs which is like the tax authority in the UK, both in Manchester. Through that I was working far more with subject access requests use case once again, but far more interactions with individual rights lawyers, third party counsels who are defending their clients, whether it’s a DWP case or HMRC or casework around tax and collection or use of data as well.
But, following a couple of years, I think working in the civil service, I found that by chance that there was a job opportunity at the Information Commissioner’s Office. And really, it was my first interaction because I didn’t know that the ICO was so close to Manchester.
For those who are not aware. The Information Commissioner’s Office is actually located not far from an area called Stockport in Winslow, which is 10–15 minutes drive from Stockport, where I lived at the time.
So I noticed there was an opportunity there and I applied for it and it was for an enforcement job, working for the Information Commissioner which I was successful for. I worked in what was known at the time of the Civil investigations team.
So as my job I was responsible for conducting investigations into companies where there was a breach of the data protection law, but in particular, my focus area was what was known as the breaches of the seventh principle at the time. So that’s the principle of security under the 1998, UK Data Protection Act.
That was, I had a sector speciality. I was also focused on certain key sectors, so my areas finance, local government and health. So I spent three years, I’ve been here really before I moved into a group data protection officer role in the UK for a large charity called Turning Point.
And this was a charity that was focused on mental health and substance misuse. So it worked with a lot of sensitive data, and we work closely with local government authorities as well as other sectors and it was my first real big exposure from a regulator back into a company side where I was responsible for setting up the data protection framework.
- What is your experience after moved to Abu Dhabi regions?
And of course, following up post then you know, after a couple of years that I was moved out here to Abu Dhabi. And so my journey of data protection within the UK really projected, as it catapulted me really to my position in Abu Dhabi in late 2018, where I was managing a global data protection program in Etihad aviation group.
Etihad had been one of the largest Middle Eastern Airlines, but I worked my team and I, we worked, we were overseeing the global operations of Etihad. So, we were operating in over 60 countries and 10 legal entities and I was responsible for coordinating, managing and advising on data protection matters across the group.
So across all the different time zones from Japan because we did fly to Tokyo in Japan all the way to California, outside of the states so and then obviously that’s what led me to my current role I moved back into Abu Dhabi, Abu Dhabi Global Market.
Kohei: And that’s very cool. I think it’s a very rare experience to have a various perspective to work on even the data protection in the middle of the creation. So I think that you’re currently working at ADGM. So what what is your basic role? You probably sits in the head of the data protection and this organization
Sayid: Yes, thank you. I’m just going to share my screen at the moment. Give you a control cause you can give me control to share my screen. I’ll share some few slides where I can give you an overview about data protection here in ADGM. So ADGM is actually it’s a financial free zone jurisdiction in Abu Dhabi. Perfect, thank you.
- What is the responsibilities with ADGM data protection commissioner?
Abu Dhabi Global Market is, it’s a financial freedom jurisdiction and what that means, I think, to many of our listeners, it’s a jurisdiction within Abu Dhabi is the best way to describe it’s like the Vatican in Rome. In ADGM, it was set up as a financial free zone jurisdiction and the free zone means to establish a jurisdiction within the country.
And here we the laws of Abu Dhabi in the UAE does not apply to ADGM and ADGM can set up his own civil commercial laws. And it governs that through the use of courts. But ADGM was established by cabinet federal decree number 15 or 2013, which established financial free zone with Abu Dhabi Global Market.
Abu Dhabi global market has a jurisdiction is the island of Al Maryah. So there is an island in central Abu Dhabi, where the jurisdiction the whole island is regulated here by Abu Dhabi Global Markets.
And there’s different authorities and courts that regulate here and ADGM. So, as a highlights of the key thing to understand is ADGM is a jurisdiction within Abu Dhabi, within the UAE that is able to enact and regulate laws with on the island in our jurisdiction, and the way it functions is, ADGM has three independent key authorities, which are the Registration Authority, the financial services regulatory authority, and then you have the ADGM courts.
And you have the board of directors here and ADGM, which act as the legislator for the island. They’re responsible for passing legislation on the island. So I work for the Office of Data Protection, the Office of Data Protection reporting to the commissioner of data protection, Mr. Sami Mohammed.
We regulate both ADGM entities but also the authorities here and the different authorities. I’ll quickly just give you an overview as the registration authorities responsible for licensing businesses to operate in ADGM.
Today there are four and a half thousand businesses operating on the island within the jurisdiction of the ADGM. We have the financial services regulatory authority, where it’s responsible for regulating the financial industry and financial sector so they govern all activities relating to financial activities on the island, whether that’s banks or other financial institutions.
And then you also have the ADGM courts, which is responsible for administering the laws regulations on the island. So if there’s any grievance disputes or anything, there’s an independent court which is headed up by Lord Justice Hope. And responsible for administration in determining civil and commercial disputes on the island.
The Office of Data Protection is the statutory supervisory Data Protection Authority here on ADGM. We are responsible for regulating companies within our jurisdiction.
And just a quick overview, just you can see here, we have some of the largest companies here in ADGM, that call ADGM home and we’re responsible we regulate them as the commissioner’s office so we regulate the ADGM Data Protection regulations here on the island.
Kohei: Thank you. Yeah, there is pretty advanced at finance field to organize the equation of the new structures of the data protection. We can learn from your quite honest activity that is very excellent.
So I would like to move to the next question. I think the ADGM is a very attractive place for the financial sector this moment. So could you tell us what did you do to enhance the awareness to data protection in ADGM at this moment?
Thank you for reading and please contact me if you want to join interview together.
Privacy Talk is the global community with diversified expert, and contact me below Linkedin if we can work together!
