By: Ibrahim Alshamrani, Chief Security Officer, Huawei Saudi Arabia
Everything that is connected—including our personal devices, autonomous machines, industrial equipment, and more—creates masses of data every day. As Saudi Arabia’s digital economy continues to diversify and grow in line with Vision 2030 ambitions, more and more data will be generated. This data will need to be properly analyzed to produce insights that will enhance Saudi society to its full potential. But while processing this data, protecting it through strong governance is absolutely critical to safeguard individuals, corporates, and the country as a whole.
Saudi Arabia’s government has taken a strong stance towards data governance by establishing the National Data Management Office (NDMO) under the umbrella of the Saudi Authority for Data and Artificial Intelligence (SDAIA). The NDMO recently started releasing data governance regulations including the National Data Governance Interim Regulations. These regulations lay the foundation for a society that is empowered and enabled by data, while also securely protected under a clear, transparent framework. It is a significant step forward that will impact Saudi’s technology sector as well as nearly every other industry in the Kingdom.
But what exactly is data governance, and why are the new NDMO regulations necessary? In short, data governance manages the assurance, integrity, security, value, and availability of data. This will allow Saudi Arabia to follow the same lines as the European Union and its General Data Protection Regulation (GDPR) regulation, which introduced accountability and protection principles for anyone who processes personal data, such as businesses. It ensures that individuals have control over their personal data. In Europe, as elsewhere, the public and private sectors have now recognized that personal data is owned by the individual, not the companies, and that they have to adhere to that.
This is relevant to everyone in the Kingdom as we are all sources of data. Most likely you’ve been asked to accept cookies on a website. Cookies are harmless, but they do store data that can enable you to access certain website features, save your preferences, provide website owners with information on how users navigate their sites, and for marketing purposes. By accepting cookies, you give permission for your personal data to be used in this way.
The NDMO’s new regulations will ensure that this type of data and others will be protected. The regulations cover not only how to classify data, but what unique protections there should be on personal data, how data should be shared, and what data remains open to the public. These Kingdom-wide standards will increase compliance and transparency, which will lead the way towards leveraging data as a core component of socio-economic development, innovation, and national competitiveness.
Getting everyone on board is therefore a priority. Businesses in the Kingdom should consider their time in understanding and abiding by the NDMO regulations as an investment in a successful future, as compliance will give their customers increased confidence. Ultimately, the National Data Governance Regulations will contribute towards achieving a robust digital ecosystem that can drive economic diversification and national development. Establishing a culture of openness and transparency throughout the technology sector will fast-track the deployment of intelligent solutions enabled by data.
Cyber security and privacy protection are the foundation of our shared future. They present challenges that governments, carriers, network equipment providers, and a broad range of third parties need to work together to address. Effectively protecting user privacy requires advanced technologies. Governments and companies should leverage industry-leading security technology to protect personal data, safeguarding privacy while improving user experiences.
Ensuring cyber security is a shared responsibility, requiring unified standards, independent verification, and a whole-of-society approach. Both trust and distrust should be based on facts. Facts must be verifiable, and verification must be based on unified standards. This will ensure fair and objective assessment, and enable organizations to choose products that have passed required security verifications.
In the globalized digital era, security and trustworthiness are the cornerstones of a fully connected, intelligent world. We need to work together – as an industry and society as a whole – to develop a fact-based, risk-informed, and verifiable cyber security management system. By working together as partners within the public and private sectors, under the guidance of the National Data Governance Interim Regulations and other coming regulations, we can capture the true value of data and accelerate Saudi Arabia’s digital transformation.