Posted On 4/8/2018
ADCCG organizes a seminar on Managing Cyber Security
The Abu Dhabi Centre for Corporate Governance, ADCCG, a subsidiary of the Abu Dhabi Chamber of Commerce and Industry, ADCCI, has organized, in cooperation with Control Risks, a seminar, entitled, "Managing Cyber Security: The things that the Board of Directors must be aware of," at its headquarters, with the attendance of representatives of private sector institutions who are concerned about corporate governance issues.
William Brown, Director of Crisis and Resilience Consulting in the Middle East and North Africa at Control Risks, stated that cyber security is a key element of business risks, and presented those issues related to corporate governance that concern boards of directors. He also discussed the role of vetting and risk committees in understanding and managing the cyber risk profiles of institutions, as well as international and regional feedback and research related to cyber security.
He added that cyber-attacks have become semi-routine and many leading financial institutions in Gulf Cooperation Council countries, GCC, aim to increase their investment in cyber security to protect the confidentiality of their clients, as well as their rights and investments from these attacks.
He explained that the European General Data Protection Regulation, GDPR, which will come into force in May 2018, aims to protect the data of all individuals in the European Union, EU, and all companies in the Middle East with European clients will be affected. Therefore, it was decided to include it as part of the data protection regulations of the Dubai International Financial Centre and Abu Dhabi’s international markets, he added, while highlighting its necessity, in recognition of the rights of EU citizens to protect their personal data.
Brown pointed out that some of the key requirements of the GDPR include the completion of a comprehensive data evaluation, to achieve total data protection compliance, and the adoption of stricter policies to manage data, such as the presence of a data protection officer with the ability to control, manage and use data, as well as to generate and provide reports to stakeholders. The officer must also respond to requests for personal information or data to prevent the automatic reporting of security breaches, he added, while highlighting the necessity of increasing penalties for relevant violations to $20.1 million, or four percent of businesses.