As MENA moves to cloud, CIOs look to keep data in-country, study shows

With cloud adoption fast on the rise throughout the Middle East and North Africa, GDPR compliance is starting to loom top of mind for IT leaders.

Eighty-four percent of organizations in the Middle East are currently using the cloud or planning to adopt cloud computing in the next 12 to 24 months , according to the Ponemon Institute’s 2019 Middle East Encryption Trends report.

The move to the cloud is picking up speed particularly in the UAE, where locally based cloud options for the private and public sector alike are expanding as tech giants like Microsoft, Oracle and Amazon launch in-country options.

There’s a reason for the rush to build data centers in the UAE: A recent report released by market research firm YouGov found that eight out of 10 UAE IT leaders surveyed agreed that data sovereignty — keeping data local in an effort to enhance control and security — is “somewhat” or “very” important.

While there is no overarching federal data privacy or protection laws governing data in the country, much of the IT leadership of the UAE is tasked with ensuring compliance with the European Union’s General Data Protection Regulation (GDPR). While the EU’s GDPR applies to EU citizens and companies, it also applies to any entity that interacts with EU organizations.

The regulations also address the exportation of personal data outside the EU, leaving multinational CIOs obligated to comply with the rigorous requirements of the GDPR. The UAE is a hub for foreign entities doing business in the Middle East, with Dubai alone hosting 155 regional and sub-regional business headquarters that oversee activities for foreign companies. 

“GDPR compliance is a priority for UAE organizations, as any European Union employee, or customer or partner engagement requires GDPR compliance,” explains Marita Mitschein, Senior Vice President – Digital Skills, SAP South Europe, Africa and Middle East, and Managing Director of the SAP Training and Development Institute.

As any entity found in violation of GDPR could face fines of up to 4 percent of their global annual revenue or €20 million, whichever is greater,  the impetus to bring organizations in the UAE up to compliance is strong.

“With GDPR, organizations need to know how their employee, customer, and partner data is stored, tracked, and secured. In-country data centers provide full data visibility and security, compared to public clouds that may store data in a variety of countries, and security is often up to each customer,” Mitschein said.