The UAE government is setting the gold standard for protecting personal data, and with good reason. The copious amounts of data generated from our online presence have transformed the way we communicate, work, shop, manage our finances, run our homes, and even access essential healthcare services.
As one of several digital initiatives designed to prepare the country for the future, the UAE announced the Data Protection Law in December last. Similar to the Dubai International Financial Centre’s (DIFC) Data Protection Law and Abu Dhabi Global Market’s (ADGM) Data Protection Regulations 2021, the new law is critical in making foreign data transfers easier in terms of compliance by aligning with the EU’s GDPR.
This means all businesses operating in the UAE will now need to consider data protection in detail and ensure compliance at an enterprise-wide level. With the right approach, tools and automation, these regulations can present a significant opportunity for businesses to reassess the security measures across their IT environments and create new efficiencies.
You can’t protect what you can’t see
Over the last year, UAE organisations have made significant progress in their data protection efforts, with 58 per cent claiming that their security measures have kept up with Covid-led digital transformation projects, compared to just 43 per cent in the year before, according to our research.
However, many UAE organisations still lack clarity about the data they might need to protect. An average of 38 per cent of the data UAE organisations are storing is ‘dark’ – that is to say, they don’t know what it is – and a further 49 per cent is redundant, obsolete or trivial (ROT). This means that only 13 per cent of enterprise data is crucial for running the business.
As data continues to be dispersed across an increasingly diverse range of cloud services and devices, organisations require a more unified approach to data management and protection.
The substantial increase in people working from home has presented a massive opportunity for cyber criminals to target companies whose security measures are not keeping pace with the new technologies. As a result, UAE businesses have, on average, been the victims of 4.2 ransomware attacks that caused disruption and downtime to their businesses in the last 12 months.
Without implementing new technologies and training, businesses open themselves up to the threat of data loss incidents. According to previous research, 87 per cent of office workers in the UAE admitted to sharing sensitive and business-critical data using instant messaging and collaboration tools.
And just 18 per cent of employees would immediately alert their IT department if they had accidentally introduced ransomware into their organisations through shared cloud environments. Another 43 per cent said they would either do nothing or pretend it hadn’t happened.
This could have serious consequences for businesses that are missing the opportunity to prevent data breaches and maintain compliance with regulations. A recent public example of this is the JPMorgan Chase case: the organisation was fined $200 million for admitting to ‘widespread’ record-keeping failures, as employees used WhatsApp, text messages, and personal email accounts to communicate about sensitive business matters.
To avoid such consequences, organisations must deploy clear guidance and training on the type of data that can be shared across various communication tools to ensure employees understand their responsibilities.
A unified approach
The cost of non-compliance often goes far beyond the monetary value a company will pay out in penalties, or even the ransoms demanded from cyber criminals that take advantage of gaps in security. Trust is the biggest loss a company could ever face – when customers lose their trust in an organisation to secure and protect their data, it’s very difficult to win it back.
The only way for businesses to ensure protection across their entire data estate is to implement a more unified approach, in which they can manage data archiving, privacy, risk, and discovery from a single, integrated platform.
As taxing as data regulations can seem to be, the organisations that will be most successful are those that view regulations as an opportunity to reassess their security measures. By doing this, they can reduce the threat of data breaches, increase company-wide efficiency, improve customer experiences, and ultimately, comply with those ever-important data protection regulations.