Dubai: With two-thirds of global organisations ramping up compliance to meet the European Union data privacy regulations, the UAE faces growing urgency to adopt information management solutions this summer for compliance and better business decision-making, urged an industry expert.
The EU’s General Data Protection Regulation (GDPR), which will be enforced on May 25, 2018, is a vast and complicated process that requires all large and small businesses, in all regions and in all industries, to more strengthen protection of personal data of all EU citizens in 28 member states.
The European Parliament adopted the GDPR in April last year and has already been ratified into the UK law, thus replacing an outdated data protection directive from 1995.
Savitha Bhaskar |
With less than 12 months to act, Savitha Bhaskar, chief operating officer at UAE-based IT infrastructure and information management consultancy and solutions provider Condo Protego, said that there’s still a worrying number of businesses that barely know about the regulation.
According to a recent GDPR report by information management company Veritas, vast majority of organisations worldwide (86 per cent) are concerned about meeting GDPR guidelines, and two-thirds (65 per cent) of organisations are working with third parties on GDPR compliance.
Bhaskar said that many of the UAE organisations do not know if they are GDPR compliant, this summer is vital to begin their compliance, or risk falling behind and facing penalties.
She said that any organisation that does business in or holds data on residents in the European Union needs to be able to secure, identify, and delete personal data. If not fully compliant when GDPR goes into effect, organisations face fines of 20 million euros or four per cent of revenue.
While the originator of data remains the owner, under GDPR anyone who processes that data is also responsible.
If a tech company houses, handles or exchanges the personal data of any EU citizen it is required to be GDPR compliant.
“GDPR defines accountability for data protection across the board and companies will have to clearly define responsibilities and liabilities among partners,” she said.
“The companies in the UAE need to start getting a plan into place as it cannot be done overnight. It will take around three to six months to think how compliant their businesses are and will take another three months to fortify our systems and another three months to roll out the infrastructure,” she said.
As of now, she said that there are lot of companies struggling in the EU to meet the deadline and many consultancy reports have also said it but in the region, many companies have pretty good IT infrastructure when compared to many other countries.
“The new regulations give users the right to be notified if a breach occurs by requiring organisations to report data breaches to data protection authorities,” she said.
According to Gemalto’s 2016 Breach Level Index report, 1,792 data breaches worldwide led to almost 1.4 billion data records compromised worldwide during 2016, an increase of 86 per cent compared to 2015.
Data breaches in the Middle East were up by 16.67 per cent to 21 in 2016 compared to 18 in 2015 and 45.2 million data records were compromised compared to 38.5 million a year ago.
Identity theft was the leading type of data breach in 2016, accounting for 59 per cent of all data breaches while 52 per cent per cent of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported.
Bhaskar said that not every company is going to be affected by GDPR, only those who have businesses that use EU citizens’ data.
“Many tech companies are now offering pre-packaged software solutions to help companies to meet the GDPR standards. Organisations in the UAE should work closely with channel partners on a data platform and upskill staff on GDPR compliance. With better data insights, organisations can also gain more informed decision-making, faster time to market, and enhanced customer trust,” she said.