The European Union’s General Data Protection Regulation (GDPR) is due to come into effect on May 25, 2018, meaning Middle East organizations that handle the personal data of EU residents will have to be compliant. IT teams in the region have more than a year to audit their systems, check existing customer data, and ensure that processes are in place that adhere to the newly introduced regulations.
The Middle East is a unique market that is not only home to a large population of expatriates, but also has strong ties with EU countries. The EU is one of the largest trading partners of the UAE, with the volume of trade between the two exceeding AED 32 billion in the first half of 2016. The success of such relationships will rely heavily on meeting compliance requirements, as the repercussions of failing to do so are expected to be massive and could lead to fines in excess of AED 7 million or 4% of global annual turnover for the preceding financial year, whichever is greater.
Whilst it’s clear that the global watchdogs tasked with governing compliance with GDPR will play hardball, the gap between intentions and actions can be a big one. This leads me to share my thoughts on a question that most industry professionals are pondering: What implications will GDPR have on IT in the region?
GDPR knowledge set to grow
Whilst conversation around GDPR is growing among IT professionals and business leaders, it isn’t sufficient. In fact, research from Dell found that around 80 per cent of respondents had little awareness of the concrete requirements of GDPR. To remedy this, the industry is expected to invest heavily in marketing campaigns to educate customers. In the same space, businesses in finance and consulting will aim to advise their clients accordingly, in the hope of motivating them to act quickly.
Preparation phases for GDPR
GDPR covers all customer data records within a business and transforms workflows and previously set rules. The problem lies in companies not knowing exactly how much data they have stored and where. For now, organizations lack comprehensive IT asset lists that fully represent all the devices in their possession. This in itself puts their ability to comply with GDPR in the future at risk.
The lack of accurate information regarding IT assets will make compliance incredibly difficult to maintain over time. To ensure that things run smoothly, larger enterprises will have to hire data protection officers to properly manage compliance matters. A resurgence of IT asset management technologies in the run-up to May 2018 is also expected.
Massive spike in consultants’ market
Although IT vendors and partners will be doing their best to educate IT teams, there may not be enough skills internally to cope with the intricacies of GDPR. As more companies start recruiting experts and consultants to assist in their GDPR planning and compliance projects, those with the necessary skills will be in short supply. This will be particularly problematic for companies in industries with their own sets of regulations to consider, such as banking and pharmaceuticals. As such, companies will have to prepare to pay costly sums for security talent, due to the high premium salaries they will most likely demand, an uptake we can expect closer to the second half of 2017.
More collaboration and consolidation
The typical image of IT departments is that they are shut away from the rest of the business, sticking to their own goals with little communication taking place with other teams. While this might have been true in the past, it is not accurate today. CIOs often hold board-level positions as technology increasingly plays a critical role in empowering enterprises to be successful.
However, many will need convincing that GDPR will require additional investment or support.
Building a business case around compliance is crucial to winning this battle. The first area to highlight, as mentioned previously, is the fines for failure to comply. Secondly, such projects can be linked to additional business objectives that can provide return on investment or cost reductions. For example, consolidation of IT vendors and a reduction in suppliers can reduce overall cost.
Rather than best of breed, IT teams will look at moving from managing separate areas like web security, IT asset management and vulnerability management to a unified approach based on the best suited vendor.
Hadi Jaafarawi is the Managing Director at Qualys Middle East