
Wednesday, March 14, 2018 - Dubai

General Data Protection Regulation for Security in the Middle East and Africa

Mazen Dohaji, Regional Director for the MENA Region, LogRhythm


Logrhythm 2018 3 14 arabian business arabic interview

What does GDPR mean for regional organizations and why is it important for them to adopt?

The EU’s new GDPR is the most significant change to data protection laws in over two decades, and organisations that do business in the EU, and handle the data of EU-based individuals, must be in compliance with this new regulation. Essentially if a business offers products to individuals within the EU, or ‘monitors’ their behaviour, it must comply with the GDPR. A wide range of automated analytical techniques fall under the domain of ‘monitoring’, including the use of cookies, logging IP addresses or obtaining location data via a mobile app. Retailers – such as airlines, hotels and others in the hospitality industry – in particular need to be aware that the use of such practices brings them within the scope of the GDPR. All organisations in the Middle East with any connection to Europe – whether through customers, affiliates or business partners – should be considering the impact of the GDPR. Many security experts also believe that compliance with the GDPR could lead to stronger data security practices in the region.

What can organizations do to assess where they are in terms of GDPR readiness and how do you engage with customers to help them prepare for, and implement GDPR?

In some cases, GDPR compliance will supplement existing measures that organisations in the region adopt to comply with local regimes, such as the DIFC Data Protection Law and Abu Dhabi Global Market’s Data Protection Regulations. But companies that don’t have adequate privacy assessment and compliance processes in place will likely have to re-engineer their processes and information systems to ensure compliance.

Earlier this month LogRhythm released its GDPR Compliance Module – a fully integrated security solution for achieving and validating GDPR compliance. By implementing this module organisations can protect their customers’ personal data, avoid negative publicity, prevent loss of customer confidence and avoid fines. And as with all of LogRhythm’s compliance modules, the GDPR Compliance Module is offered at no additional charge to LogRhythm’s customers.

What tools and services do you offer to support their GDPR requirements?

LogRhythm’s GDPR Compliance Module offers a robust, pre-built suite of rules, alerts, and reports specifically mapped to GDPR articles. This module is the first such solution on the market that offers an integrated approach towards demonstrating compliance with technology-focused GDPR articles. Organisations implementing the module can realise immediate benefits, thanks to the suite of pre-built content that delivers a more efficient and effective solution over manual processes and other technologies. Essentially, LogRhythm’s GDPR module delivers strategies and approaches for managing data; it empowers organisations to kick-start their compliance programme.

What kind of investment is required for an organization to be GDPR compliant?

Ensuring compliance with the GDPR promises to be a major operational and technological exercise for all organisations within its scope. Given the breadth of the GDPR, no single solution provides automatic compliance with all aspects of the regulation. In fact, there are more people and process requirements to the regulation than technology. The kind of investment to achieve GDPR compliance standards will depend on the processes an organisation already has in place, but active participation, assessing information security risk areas, building respect for privacy into the culture, and incorporating a commitment to security governance as part of a strategic plan will go a long way towards compliance.

What are the challenges that you see in the regional market to GDPR implementation?

Because the Middle East’s privacy and breach notification regulations are in general less strict and detailed than the GDPR, the region’s organisations will certainly face some challenges. Unfortunately, security experts in the region claim there is a lack of awareness among many companies about the tougher requirements of GDPR – and who must comply. Meanwhile, organisations will have to demonstrate their ability to manage and protect personal data, scale up investment in data protection, devise ways to report breach incidents within the required 72 hours, and determine who will take the lead role in data protection and privacy.

To help prepare for GDPR compliance, organisations in the region need to adopt security controls, such as encryption and access restriction, along with ongoing monitoring of data access. It is also essential to conduct a privacy impact assessment identifying and assessing privacy risks.

Do you have any compliance solutions to address these challenges and help organizations meet data protection and regulatory standards more easily?

LogRhythm’s Compliance Module is included free of charge for LogRhythm Threat Lifecycle Management platform customers. The module utilises several unique LogRhythm capabilities such as GeoIP Configurations, Machine Data Intelligence (MDI) Fabric, AI Engine and Risk Based Prioritization. With the LogRhythm GDPR Compliance Module, organisations will be better able to protect their personal data, ultimately avoiding fines, a damaged reputation, and loss of customer confidence through 16 technology-focused GDPR Articles, therefore making it easier for organisations to meet and exceed regulations.
