Why you need 2 factor authentication/MFA
Two factor authentication, also known as MFA (multi-factor authentication), adds an extra layer of security to your online accounts. Instead...
The Data Protection Law came into effect March 2nd 2022. Data protection laws in the UAE are not new for some organisation as specific sectors such as financial and healthcare has laws already in place by the regulatory bodies of those sectors.
Globally there are laws like the EU’s GDPR (General Data Protection Regulations), which have been around for some time, and have set the standard for many countries looking to adopt the privacy and data of their people.
The laws will be welcomed by the public, and organisations need to act to ensure their compliance. This included how it stores, where it stores and how it shares their data.
There are two roles that companies can be in in any data protection regulation and often can be both. A data controller is a person or entity that processes personal data and the purpose for the purposes of business, for example, a Real Estate company dealing with the sale and purchases of a property, whilst hold data on any individual and will process that data as part of its organisation’s objectives.The processor processes the personal data on behalf of, under the direction of and in accordance with the instructions of the controller. This could also be the same Real Estate company who receives data from another real estate company in the transaction of that property. So, an organisation can be one of these or even both of the roles.
Personal data covers any data of a natural person identified directly or indirectly by linking data. It covers, without limitation, name, voice, picture, identification number, electronic identifier, geographical location or one or more of the natural person’s medical, economic, cultural and includes sensitive personal data.
Sensitive personal data covers data that directly or indirectly reveals the ethnicity, political or religious beliefs, criminal record, biometric data and any data relating to a person’s health.
Yes. The Law has identified a list of information that a person/subject can request from a data controller. The data controller can, in limited circumstances, reject a request, for example, where the information is not covered under the Law, where the request is overly repetitive, conflicts with judicial procedures or investigations could adversely impact the data controller’s information security efforts or affects the privacy and confidentiality of others’ personal data.
Data Controllers are required to assess processing operations that utilise technology that could pose a high risk to the privacy of personal data. Assessments will be required where automated processing of data is used, such as profiling, or should large volumes of sensitive personal data be processed. The DPO (Data Protection Officer) will be responsible for overseeing these assessments.
The Data Office will be a separate government organisation and the Data Office objectives are to ensure the protection of Personal Data and is affiliated with the Cabinet. The Data Office is responsible for:
Two factor authentication, also known as MFA (multi-factor authentication), adds an extra layer of security to your online accounts. Instead...
There is no doubt that cybersecurity is a big concern for businesses and individuals alike. With so much at stake,...
As internet usage continues to increase, it is important for individuals and businesses alike to prioritize cyber security. Here are...