Calls for GCC-wide data protection law as breaches rise
With the GDPR (General Data Protection Regulation), the EU seems to be leading the charge on data privacy and protection, and it would be a positive move for all countries to elevate their local data protection and privacy regulations to follow the GDPR approach, security experts said.
“It is indeed an appropriate time for a data protection law to be enforced stringently (the likes of GDPR). A GCC-wide data protection law will surely benefit the countries within and consumers at large, said Anoop Ravindra, IT GRC Practice Head for ProVise GRC Labs in the Middle East.
The GDPR is a good practice and strengthens the own data protection policy. There are various kinds of data protection laws in each country in the Gulf but they don’t have a collective law, said Amit Roy, executive vice-president and regional head for EMEA at cybersecurity firm Paladion.
“It would be a positive step for the Gulf to have a common data protection law. The GDPR is important and a lot of movement of people and data happen in the EU,” he said.
The Middle East has seen a spike in the number of breaches in the last few years and last year it was among the top five regions facing the most breaches and cyber-attacks.
Over 90 per cent of cybercrime exploits begin with email, making it the single biggest threat vector to organisations and the data they manage. Furthermore, email is not only a common vehicle to share and exchange personal data, email servers are prime repositories for such data as names, email addresses and associated contact information. It is, therefore, essential that organisations have the right measures in place to ensure their email is cyber resilient and ultimately prepared for GDPR.
Barry Scott, CTO for Centrify EMEA, said that the mandatory breach notification clauses included in the GDPR will ultimately be positive and will improve attitudes to security and reduce the number of breaches.
“Let’s hope this leads to systems being made secure by design, rather than partially secured in response to an auditor pointing out a specific flaw, or a breach taking place,” he said.