UAE DPL law one year on – organisations making progress, but much more still to be done, says Veritas

October 1st 2021 marks the first anniversary of the enactment of the inaugural Dubai International Financial Centre (DIFC) Data Protection Law (DPL) No 5. One year on, UAE organisations have made significant progress in their data protection efforts, with 58% claiming that their security measures have kept up with COVID-led digital transformation projects, compared to just 43% last year, according to recent research by Veritas.

However, many UAE organisations still lack clarity about the data they might need to protect. According to Veritas research, an average of 38% of the data UAE organisations are storing is “dark” – that is to say, they don’t know what it is – and that a further 49% is Redundant, Obsolete or Trivial (ROT).

The new DPL No 5 regulation, which replaced the previous DIFC Data Protection Law No.1 of 2007, aims to make foreign data transfers easier by aligning data-handling organisations in the DIFC with the EU’s GDPR. UAE companies were given a target deadline of October 2020 to comply with the new regulation.

Johnny Karam, Managing Director & Vice President of International Emerging Region at Veritas, said: “The rapid digital transformation that organisations have had to undergo in order to stay afloat during the COVID-19 pandemic has meant that many are still lagging behind when it comes to protecting their data and IT environment, leaving them at risk of regulatory non-compliance and dangerously exposed to data threats, such as ransomware. The good news is that we’re starting to see UAE businesses begin to redress the balance, with 21% confident that they will be able to close vulnerability gaps in their data practices this year.”

One of the key challenges over the past 18 months has been the increasing number of employees saving sensitive company data to local drives on their laptops or via instant messaging applications and business collaboration tools. Unless properly managed, this can create a huge pool of data that businesses have no visibility or control over, leading to significant compliance challenges.

Karam continued: “The online world has opened up incredible opportunities for us. However, with great opportunity also comes great risk. In the past year, we’ve seen a significant rise in cybercriminals targeting weaknesses in businesses’ IT infrastructures with increasing sophistication. If we’ve learnt anything from this,  it’s that we need to constantly adapt and stay ahead to keep our data safe. By selecting a single data protection platform that can operate across the entire data estate – both in your data centre and the public cloud – businesses can radically reduce the time and effort required to manage data protection and compliance protocols, thereby fulfilling their obligations to the DPL 2020 law without shouldering the burden of managing various protection solutions.

“Instead of viewing regulations as a compliance burden, companies should look at this as an opportunity to manage their data more effectively. In doing so, they can also increase companywide efficiency, better utilise data to improve customer experiences, open up new revenue streams and perhaps most importantly, improve protection against ever-looming ransomware attacks.”