About the Session
As the UAE strengthens its digital governance through DIFC Data Protection Law and Saudi Arabia’s NDMO frameworks, organizations in the MEA region face new complexities in handling data sovereignty, cross-border transfers, and compliance alignment. These regulations reflect a growing demand for localization, transparency, and accountability.
This roundtable brings together regional privacy, legal, tech, and GRC professionals to explore:
-
Key compliance themes under DIFC, NDMO, and broader MEA privacy regimes
-
How organizations are managing localization and sovereign data access expectations
-
Contractual and operational strategies for third-party processing
-
Adapting global programs to local frameworks and enforcement realities
Agenda Program
Date: February 17, 2026
MEA: Managing Data Sovereignty under DIFC/NDMO
12:00 – 12:10 PM GST | Welcome & Introductions
-
Moderator’s session kickoff and objectives
-
Speaker intros
12:10 – 12:40 PM GST | Challenge 1: Navigating UAE DIFC, ADGM & Saudi NDMO Laws
-
Comparing obligations under DIFC, ADGM, and NDMO frameworks
-
Data residency, government access rights, and registration duties
-
Key differences from GDPR and local regulatory expectations
What You'll Gain:
A jurisdictional guide to sovereignty laws and their enterprise implications
12:40 – 01:10 PM GST | Challenge 2: Localization, Transfers & Vendor Governance
-
Data transfer rules and contracts with regional third parties
-
Cloud usage, intra-group agreements, and encryption protocols
-
Emerging standards for sovereign access and regulator requests
What You'll Gain:
Vendor governance models and practical contract clauses for data localization
01:10 – 01:40 PM GST | Challenge 3: Implementing Controls Across Jurisdictions
-
Roles of legal, DPO, and IT teams in cross-border compliance
-
Risk assessments and internal documentation practices
-
Technology solutions for monitoring, audit trails, and breach response
What You'll Gain:
Actionable templates and strategies for building regional compliance infrastructure
01:40 – 02:00 PM GST | Live Q&A & Closing Reflections
-
Participant questions and speaker responses
-
Final takeaways: “One sovereignty action to implement in Q1 2026”
-
Post-event toolkit and GC360Flix access
Post-Event Toolkit Includes
-
One Actionable Takeaway per Speaker (curated by GC360)
-
Data Sovereignty Risk Matrix or Contract Sample (if shared)
-
Session Summary
-
Certificate of Participation
Speakers & Contributors
Speakers include in-house leaders and solution experts.
Mark Anderson
Head of Products,
Insightful Technology
Magdalena Konig
General Counsel,
Sirius International Holding
Akshay Dalal
Head of Regional Risk, Compliance & Regulatory Affairs,
Purvi Patel
Senior Counsel, Global Privacy Data Cyber Regulatory Office, Nokia
Mohamed Moosa
Chief Privacy Officer,
Sasol
Habib Saeed
Senior Associate,
Squire Patton Boggs
Who Should Attend?
Professionals driving legal operations, efficiency, and modernization in the MEA region:
General Counsel and In-House Legal Leaders
Privacy and Data Protection Officers
Privacy and Data Protection Officers
Investigations and Risk Professionals
IT, Security and Cloud Governance Stakeholders
