38% of the data UAE organisations are storing is “dark”

February 1st, 2022 marks the first anniversary of the enactment of the Abu Dhabi Global Market (ADGM) Data Protection Regulation 2021, which was introduced with the aim of creating a world-class data protection framework that protects personal data, while also making foreign data transfers easier by aligning with the EU’s GDPR.

One year on, UAE organisations have made significant progress in their data protection efforts, with 58% claiming that their security measures have kept up with COVID-led digital transformation projects, compared to just 43% in the year before, according to recent research by Veritas.

However, many UAE organisations still lack clarity about the data they might need to protect. According to Veritas research, an average of 38% of the data UAE organisations are storing is “dark” – that is to say, they don’t know what it is – and that a further 49% is Redundant, Obsolete or Trivial (ROT).

Today’s one-year anniversary marks the end of the twelve-month transition period set by ADGM, meaning that organisations operating within the jurisdiction and beyond, are now bound to ensuring compliance with the new requirements of the regulation. Failure to comply carries the risk of stiff financial penalties of up to $28 million for serious breaches.

Johnny Karam, Managing Director & Vice President of International Emerging Region at Veritas, said “The last 18-24 months have been tough on businesses – the unprecedented COVID-19 pandemic forced businesses to accelerate their digital transformation journeys, creating yet another layer of complexity for compliance. Unfortunately, many organisations are now lagging behind when it comes to protecting their IT environments, leaving them badly exposed to digital risk. The good news is UAE businesses have recognised this gap in their security measures and 21% confident that they will be able to close the gap this year, putting them in better stead for regulatory compliance.”

Another key challenge over the past 18 months has been the mass shift to remote working, which has led to employees becoming increasingly reliant on cloud-based technologies. Unfortunately, the more people there are accessing cloud drives and shared documents, the more opportunities there are for human error and data loss incidents to occur. In fact, recent Veritas research revealed that just 18% of employees would immediately alert their IT department if they had accidentally introduced ransomware into their organisations through shared cloud environments. Another 43% said they would either do nothing or pretend it hadn’t happened. This could have serious consequences for businesses that are missing the opportunity to prevent data breaches and maintain compliance with regulations.

Karam continued: “Regulations, such as the ADGM Data Protection Regulation 2021, are setting the gold standard for protecting personal data. This is a significant opportunity for organisations to reassess the security measures across their IT environments to not only improve data protection, but to also increase companywide efficiency, improve customer experiences, and open up new revenue streams.

“The UAE is a global hub for innovation. However, the rise in increasingly sophisticated cybercrime means that organisations need to ensure their security measures evolve just as quickly as their digital transformation efforts to keep their data safe. Modern data protection platforms that can operate across the entire data estate – both in your data centre and the public cloud – can help businesses radically reduce the time and effort required to manage data protection and compliance protocols, thereby fulfilling their obligations to the ADGM Data Protection Regulations without shouldering the burden of managing various protection solutions.”