Why your business may not be security compliant and what to do about it

In 2021 the UAE announced a new federal data protection law that came into force on 2nd January 2022. Executive regulations are due to be announced in March and then companies will have six months to comply with the laws (although this period can be extended by cabinet decision).

Who does the law apply to?

The law applies to all businesses in the UAE that are processing the personal data of residents of the country. Businesses that collect data from UAE residents on behalf of other companies also need to be compliant with the new regulations.

Government entities, health organisations and credit bureaus will not be subject to the law. Businesses based in Dubai International Financial Centre and Abu Dhabi Global Market are also exempted as they have their own data protection regulations.

What is covered?

There is a broad range of data that will be covered under the new decree, mostly personal and sensitive data. The following are covered:

  • Name
  • Voice
  • Picture
  • Identification number
  • Race
  • Ethnicity
  • Religion
  • Sexual preference
  • Biometric data
  • Criminal record
  • Health records
  • Geographical location

Corporate Obligations

The law defines what businesses need to do to comply with the Personal Data Protection Law:

  • Comply with new controls for the processing of personal data
  • Secure personal data and maintain its confidentiality and privacy
  • Only collect data for a specific and clear purpose
  • Refrain from processing of data without consent
  • Amendments and erasure of data at subject's request
  • Cessation of processing data at subject's request
  • Comply with cross border sharing policies

The basic principles of the law are largely consistent with global data protection regulations such as the GDPR, and more details are expected in the coming weeks.

How can Orixcom help?

Keeping data secure and confidential is one of the key obligations of the new Personal Data Protection Law. If your network is not using the latest technology to secure it, there's a high risk your data could be compromised, leading to you falling foul of the regulations. At Orixcom our recommendation for highly secured networks is to move to an overall SASE (Secure Access Service Edge) solution, such as Cisco Umbrella. Within this journey there are several elements required to secure different vulnerable aspects of data, such as deploying strong multi-factor authentication before granting access to applications that may contain personal information. As well as verifying your users' identities, this can also check the security hygiene of devices. Duo is an excellent example of a best-in-class MFA security solution that can be deployed rapidly.

The complete Managed SASE solution comprises DNS-layer security, secure web gateway, firewall, cloud access security broker, remote browser isolation, data loss prevention, multi-factor authentication and cloud malware detection.

Make sure your business is security compliant. Speak to one of our experts today about how we can protect your clients' data and secure your network.
