Veritas Technologies has unveiled that UAE businesses are failing to manage their dark and redundant, obsolete or trivial, ROT, data. Having a direct impact on successful data compliance, businesses must get their data in order amid the enforcement of the new Dubai International Financial Centre Data Protection Law, DPL 2020. Following on from the Veritas Middle East Databerg Report launched last year, the new findings revealed that 75% of the data stored by the surveyed organisations in the UAE is dark and ROT, 33% being dark and 42% being ROT. Although a significant drop from last year’s 88%, ROT data still increased by 1%, rising to 42% of an organisation’s stored data.
One of the main reasons for the limited progress of companies in the UAE towards understanding their data may be the seismic shift towards working from home. With organisations focused on ensuring employees are connected remotely, much of the efforts of IT departments went towards dealing with the shift. The UAE businesses surveyed also shared concerns about new compliance challenges stemming from a growth in employee shadow IT software. 47% of respondents said that they believe employees working from home might have started using at least two new cloud-based software on their devices.
With the DIFC Data Protection Law, DPL 2020 having come into force on 1 July 2020, and the three-month grace period for businesses to comply with the law now having come to an end, companies that operate in the DIFC and, more importantly beyond, must address the requirements of DPL 2020 or risk fines for non-compliance that range from $10,000 to $100,000. Since the survey suggests that most companies in the UAE are prone to data-hoarding with minimal visibility, they will need to encourage data responsibility and implement the latest data management tools in order to achieve compliance with the DIFC.
However, the law is not limited to those businesses operating within DIFC. A key feature of the new law is its extraterritorial reach, applying to the processing of data by a controller or processor incorporated in the DIFC, regardless of whether the processing takes place in the DIFC. Although not as expansive as the GDPR, the DPL 2020’s international reach means that businesses operating across Dubai will now have more reason to focus on having a data management strategy in order to ensure data compliance is taking place within an organisation, both from an operational and cultural perspective.
For this reason, Veritas recommends that businesses establish and implement data maps and policies, increase data visibility throughout the organisation, establish proper protection and breach protocols and minimise their data load as much as possible, for a cleaner slate. It’s important not so see the DPL 2020 law simply as a compliance challenge though, since it will actively benefit companies in a range of ways. Not only will the implementation of DPL-compliance projects encourage more businesses to manage data effectively, they will also increase companywide efficiency, provide competitive advantage, and protection against malware attacks.
Johnny Karam, Regional Vice President, Veritas, Emerging Region, said: “The first step on the road to compliance with data regulations is knowing what data you have and where it is. Without that insight, it’s practically impossible to be able to ensure that data is being stored, processed and deleted in line with the law. Our survey shows that, whilst businesses have started on the journey understanding their data, they still have a long way to go. It suggests that businesses still don’t even know what one third of the data they are storing is, and 42% of it should probably have been deleted. UAE businesses need to get ahead of this challenge if they are to avoid the fines that come with failing to comply with the DIFC regulation.”