by Annie Bricker

As MENA moves to the cloud, CIOs look to keep data in-country

News Analysis
Jul 22, 2019
Cloud ComputingComplianceData Center

Enterprises are ramping up cloud applications, and with GDPR in play, data sovereignty is big on the IT agenda.

CSO > cloud computing / backups / data center / server racks / data transfer
Credit: gorodenkoff / Getty Images

With cloud adoption fast on the rise throughout the Middle East and North Africa, compliance with the EU’s GDPR looms top of mind for IT leaders, spurring a move to host data in-country to meet security requirements.

Eighty-four percent of organizations in the Middle East are currently using the cloud or planning to adopt cloud computing in the next 12 to 24 months , according to the Ponemon Institute’s 2019 Middle East Encryption Trends report.

The move to the cloud is picking up speed particularly in the UAE, where locally based cloud options for the private and public sector alike are expanding as tech giants like Microsoft, Oracle and Amazon launch in-country options.

CIOs report concern for keeping data local

There’s a reason for the rush to build data centers in the UAE: A recent report released by market research firm YouGov found that eight out of 10 UAE IT leaders surveyed agreed that data sovereignty — keeping data local for greater control and security — is “somewhat” or “very” important.

While there are no overarching federal data privacy or protection laws governing data in the country, much of the IT leadership of the UAE is tasked with ensuring compliance with the European Union’s General Data Protection Regulation (GDPR). While the EU’s GDPR applies to EU citizens and companies, it also applies to any entity that interacts with EU organizations.

The regulations also address the exportation of personal data outside the EU, leaving multinational CIOs obligated to comply with the rigorous requirements of the GDPR. The UAE is a hub for foreign entities doing business in the Middle East, with Dubai alone hosting 155 regional and sub-regional business headquarters that oversee activities for foreign companies. 

GDPR is a priority for Middle East businesses

“GDPR compliance is a priority for UAE organizations, as any European Union employee, or customer or partner engagement requires GDPR compliance,” explains Marita Mitschein, senior vice president for Digital Skills, SAP South Europe, Africa and Middle East, and Managing Director of the SAP Training and Development Institute.

As any entity found in violation of GDPR could face fines of up to 4 percent of their global annual revenue or €20 million, whichever is greater,  the impetus to bring organizations in the UAE up to compliance is strong.

“With GDPR, organizations need to know how their employee, customer, and partner data is stored, tracked, and secured. In-country data centers provide full data visibility and security, compared to public clouds that may store data in a variety of countries, and security is often up to each customer,” Mitschein said.