Article by Veritas Technologies
Coming into effect yesterday, the new Dubai International Financial Centre Data Protection Law 2020 law will bring enhanced governance and transparency obligations. Companies operating in DIFC and beyond now have three months to address the requirements of DPL 2020, which also means three months to get control of their data.
Most companies in the UAE are prone to data-hoarding with minimal visibility or control of their unused, and unseen data. Last year, Veritas Technologies released its 3rd edition of the ‘Middle East Databerg Report’ which revealed that UAE businesses surveyed were failing to manage their data efficiently. The study found that 88% of the data stored by organisations is dark and ROT (Redundant, Outdated, Trivial information).
The new DPL 2020 law will actively benefit companies in a range of ways. Not only will managing data effectively ensure data compliance, it will also increase company-wide efficiency, provide competitive advantage, and protection against malware attacks.
Veritas has gone to great lengths to address the upcoming legislation, going so far as creating and incorporating new functionality into its insight products, designed specifically around the DIFC laws.
This includes helping customers manage unstructured data, allowing them to identify risk by classifying and managing personal data as per the new DPL regulations. Beyond this, the company recommends five key steps for businesses to prepare their data management strategies for DPL 2020 compliance:
1. Establish and implement data maps and policies: Critical to compliance is having a clear data map in place which elucidates where this information is being stored, who has access to it, how long it is being retained, and where it is being moved. This will help your enterprise in both processing and managing personal as well as mission critical data.
2. Top to bottom level involvement: Protecting data requires company-wide buy-in including business units such as HR, marketing, customer service and especially IT. Collective efforts across the board need to be made in order to mitigate future compliance risks and data mismanagement.
3. Increase data visibility across all levels: Obtaining insights into all data flows as well as classifying and tagging data is vital for success. Where does the data come from and who is it shared with, is key to achieving governance and compliance of the new law.
4. Establish protection and breach protocols: Confirm your protection systems are up to scratch. Then expect an attack. Establish a robust data breach procedure in order to detect, report and investigate personal data breaches, as these will now have to be reported to a Data Protection officer as part of the new DPL 2020 laws. Make sure that detailed, trustworthy, swift and automated back-up is in place should recovery be needed.
5. Minimise the data load: Keep your data only for the period of time directly related to the original intended purpose. The deployment and enforcement of retention policies that automatically expire data over time strongly contributes to greater compliance.
It is now more important than ever for companies to have a data management strategy in order to ensure data compliance is taking place within an organisation – both from an operational and cultural perspective. By encouraging data responsibility and implementing the latest data management tools, businesses can do their bit in preparing themselves for DPL 2020.