[导读:作为国家网络安全战略的一部分,阿联酋计划于今年出台一部数据保护法,该法将参考包括欧盟《通用数据保护条例》(GDPR)在内的全世界的最佳实践。随着国家进入5G时代,阿联酋通信管理局(TRA)启动了2020-2025战略,以应对阿联酋可能出现的网络安全事件。TRA政策与计划部部长Al Zarooni指出,对于该项战略而言,数据隐私至关重要。(本文源自TechRadar网站,作者Naushad K. Cherrayil。)]
The UAE is looking at implementing a data protection law, similar to EU’s introduction of General Data Protection Regulation (GDPR) in 2008, as part of the UAE National Cybersecurity Strategy.
TRA has launched the2020-2025 strategy as the country is entering the fifth-generation era in a bid to enable swift and coordinated response to cyber incidents in the UAE. “Part of the strategy is that data privacy is crucial to the cyber and the UAE is regulating and drafting a data protection law. We will look at the best performing practices performed worldwide; GDPR will be one of the inputs to it. We want to make sure that whatever regulations are put, are easy to be implemented across differentsectors,” Mohammad Al Zarooni, Director of Policies and Programs Department at Telecommunications Regulatory Authority (TRA) of the UAE, told TechRadar MiddleEast, at an event.
Bahrain has launchedits Personal Data Protection Law and more countries in the region are expected to follow. Phil Mennie, director for digital trust at consultancy firm PwC, said that the demand for privacy expertise exploded after the introduction of GDPR.
“Large organisations are impacted by the GDPR but we observed, unlike in Europe where privacy has been atopic for a very long time, in the MiddleEast there is a lower understanding of how privacy impacts organisations,” he said.
Mennie said that the UAE law is expected this year and in Saudi Arabia, it is expected this year or next year.
GDPR has a ceiling of4% of global annual revenues or up to 20,000 euros if a breach is not reported within 72 hours. Regarding this, Al Zarooni said that the authority needs to protect people’s data as regulation and, at the same time, doesn"t want to put a lot of burden on the economy to be compliant with such regulations.
Moreover, he said that there are some talks about a unified GCC law but “I believe that most of the regulations worldwide will be more or less the same, some will be more stringent and some will be relaxed. One unified GCC law might be good but it will be challenging to come up with”.
Nine critical infrastructures get priority
As part of the new UAE cybersecurity strategy, Al Zarooni said that 60 initiatives will be executed in a three-year timeframe but importance will be given to nine critical infrastructures such as government, energy, ICT, electricity and water, finance and insurance, emergency services, health, transportation, food and agriculture, through five pillars.
These pillars are:
· To enhance cybersecurity laws
· Regulations to address all types of cybercrimes
· Secure existing and emerging technologies and support protection of SMEs by developing essential cybersecurity standard for SMEs,
· Mandate cybersecurity implementation certification for government suppliers,
· Builda one-stop portal for SMEs to enable them to implement the standard.
Moreover, Al Zarooni added that some of the frameworks for the emerging technologies such as internet of things, cloud computing, AI and Blockchain are already in thedrafting phase and depends on the mass execution of such technologies within the country.
“The cybersecurity law can’t be a standalone and will be there to strike a balance between the usage and the benefits versus therest of the technologies,” he said. The reason for this strategy, he said, is due to the rising cybercrimes in the country.
Lucrative opportunities
According to researchfirm Cybersecurity Ventures, cyberattacks are the fastest growing crime and areincreasing in size, sophistication and cost. Cybercrimes are expected to cost the world $6 trillion annually by 2021, upfrom $3 trillion in 2015, while the cybersecurity market is expected to experience a 12-15% year-over-year growth through 2021.
The authority is enabling the ecosystem to capture the huge cybersecurity opportunities available – AED 1.8b UAEcybersecurity market and the AED 18b Middle East and North Africa market.
Hamad Obaid AlMansoori, Director General of TRA, emphasised the need for a nationalcybersecurity strategy as a main element in risk prevention and preparednessfor security challenges in cyberspace.
“If we want to draw afuture perception of the UAE, years from now, we would see the features of the smart city where millions of devices and platforms are connected, producing massive amounts of data, many of which will be at risk of piracy or privacy violation,” he said.
He added that the strategy has been developed based on the analysis of more than 50 sources of indicators and international publications, in addition to working with a team of international experts and benchmarking with 10 leading countries in cybersecurity systems.
Moreover, he said the strategy will also work on developing capabilities of more than 40,000 cybersecurity professionals, by encouraging professionals and students to pursue a career in cybersecurity, developing necessary cybersecurity capabilities to meet aspirations of the country, and fostering an ecosystem of cybersecurity training providers.
声明:本文来自个人信息与数据保护实务评论,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。
