The widespread adoption of digitisation initiatives across the Middle East has also resulted in the growing vulnerability to cyberattacks.
The Telecommunications Regulatory Authority (TRA) alone foiled a total of 86 cyberattacks against government, semi-government and private sector entities in the UAE during the first two months of 2018. If adequate measures are not taken to mitigate the risk, cyberattacks will continue to disrupt the progress of digital transformation, which can in turn slow down economic growth.
In the light of continuing cyberthreats, immediate adoption of information management solutions and legislations such as the EU’s General Data Protection Regulation (GDPR) are becoming imperative. According to GDPR, approved by the EU Parliament in April 2016, any organisation that does business in or has possession of data on residents in the European Union needs to be able to secure, identify, and delete personal data.
The enforcement of GDPR on May 25, 2018, is set to affect several GCC organisations as well. Organisations that have a branch, subsidiary or single representative in the EU; organisations that do not have a physical presence in the EU, but offer goods or services to data subjects in the EU; and businesses that neither have a physical presence in the EU nor offer goods or services to people in the EU, but monitor the online behavior of data subjects in the EU, are required to ensure compliance with GDPR. With the deadline fast approaching, many GCC organisations are yet to begin the processes, risk lagging behind and facing penalties.
Under GDPR, every business that deals with the personal data of an EU citizen must know where their data is stored at all times. This knowledge is the first step toward GDPR compliance. However, the survey shows that knowledge levels are low globally, with only 40 per cent of respondents stating that they can say with confidence where all of their data is stored. U.S. respondents are the most confident (52 per cent). Across EMEA, confidence is much lower (just 35 per cent), which is only 10 per cent higher compared to NetApp’s survey results in 2017.
“The level of awareness on the implications of the GDPR deadline is relatively low in the region and that could be the major reason behind the slow pace of activities aimed at ensuring compliance. Organisations will need three to six months to assess their current level of compliance, another three months to fortify their systems and an additional three months to roll out the infrastructure. Companies in the UAE do not shy away from investing in robust IT infrastructure and that will be an advantage in navigating this challenge,” said Fadi Kanafani, Regional Director, Middle East and Africa, NetApp.
With six weeks to go until GDPR deadline, NetApp’s global research has found that the 1,106 IT decision makers surveyed across major markets are united in their concerns. One-third of respondents say that the impact of noncompliance with GDPR puts the survival of their business at stake. At the same time, two-thirds of respondents expressed some level of concern about achieving compliance by the deadline.
The survey, which was completed by Opinion Matters in March 2018, included 1,106 C-suite managers, CIOs, and IT managers responsible for or involved in IT buying decisions, working in companies with 100 or more employees.