GDPR in the Middle East


We are an export company and mainly deal with companies based in the Middle East. Occasionally, they will contact us via WhatsApp. Do we have to do anything with regards to GDPR with them?


  • GDPR is really aimed at putting a lot more control in the hands of everyday people when it comes to personal data.
  • They should know: what is being collected, how it is being processed, who it is being sent to, how long it is being stored and used for – amongst a host of other things.
  • When it comes to communicating with partners overseas via WhatsApp – if this something that is broadly enabled between you both as part of a contract (“legitimate interests”) this should not pose a major issue.
  • It would however, if these exchanges include personal data pertaining to EU and UK citizens – e.g. personally identifiable information pertaining to clients or other contacts.
  • These should be broadly reserved for official channels where it is easier to trace and handle this information appropriately (e.g. so it can be collected, paused, deleted as appropriate).

This answer was provided by Virtuoso Legal. For more information about how Virtuoso Legal can support you, visit their site at:

This question was asked as part of our webinar on managing the legal risks of export. You can watch the recording of this webinar at:

If you’d like to learn more about protecting your trade marks overseas, check out the Institute’s new video training modules – produced in partnership with Virtuoso Legal – here:

You can purchase each video separately or purchase the complete series of 12 videos for £250 +VAT (member price, non-members £310 +VAT), saving £50. To purchase the complete set please use the link at the bottom of the page.

Virtuoso Legal are a boutique firm of world class intellectual property solicitors. Over the past 10 years they have successfully represented clients in hundreds of intellectual property matters.

Export Action Plan