With UAE organisations facing a less than two months to become compliant with the European Union’s General Data Protection Regulation (GDPR), CIOs can follow three steps of discovery, sorting, and taking action, industry experts announced today.
Going into effect on 25 May 2018, under GDPR any organisation that does business with the European Union needs to secure, identify, and delete data. Non-compliance risks fines of EUR 20 million or four per cent of revenue. However, nearly half (47 percent) of organisations will not be GDPR compliant in time, and one in five (21 percent) fear closure, according to the recent VERITAS 2017 GDPR Report.
Andrew Calthorpe, CEO, at UAE-based IT infrastructure and information management consultancy and solutions provider Condo Protego, has outlined a three-step process for GDPR compliance:
1. Data Discovery
First step is for organisations to understand their data. The Databerg report, See what others don’t, found more than half (54 percent) of an organisation’s data is considered “dark”–unclassified or unable to be easily analysed. To search, discover, and review data, UAE CIOs need to rapidly modernize their information management and IT infrastructure.
2. Data Sorting
Nearly half—42 per cent—of organisations cannot determine which data should be saved, according to the VERITAS 2017 GDPR Report. This is an issue, as GDPR requires organisations to retain data while still being used for its original purpose but deleted afterwards. Data security and protection go together with data classification.
3. Taking Action
UAE organisations immediately need to take a proactive approach to GDPR and are increasingly adopting the VERITAS 360 Data Management for GDPR solution.
This solution helps organisations to assess their GDPR compliance, then deliver a holistic organisation-wide strategy to become compliant. These same data analytics and protection can also enable new digital business models and customer experiences.