Pakistani banks urged to comply with EU’s GDPR rules, ensure cyber safety

KARACHI: Pakistani banks need to operate in compliance with the European Union’s (EU) new personal data protection rules, as ignorance of the rules may land them in trouble, a speaker at the International Information Security Conference said on Thursday.

“I believe most of the banks in Pakistan already have an understanding about the banking system under GDPR (EU new data privacy rules),” IBM Technical Security Sales Specialist Afzal Rehman said while speaking at the 10th International Information Security Conference.

He elaborated that banks are entities which control the personal data of their clients. They may interact with clients in the European Union directly or indirectly (through a third party) to process a financial transaction. In both cases, they need to follow the regulations. “If you need to interact with any EU data, you need to follow the regulations – doesn’t matter if you are data controller or a data processor,” he said.

He elaborated that noncompliance may cost companies that interact with EU data 4 per cent of their global annual turnover or 20 million euro, whichever is the higher amount.

The EU implemented the new rules, the General Data Protection Regulation (GDPR), with effect from May 25, 2018. The rules gave individuals full control over whether firms retain or delete the personal information they provided in order to use the firms’ products. Implementation of the rules temporarily made some high-profile US companies’ websites unavailable to the 28-nation bloc due to the compliance crisis at the time.

A number of international and local ICT (Information and Communications Technology) security experts spoke at the one-day conference organised by Total Communications in collaboration with IBA, FIA, EY, ISACA and Digital Array.

They said the challenge of protecting data has grown more complicated with the passage of time despite firms spending billions of dollars to boost cybersecurity. The number of cyber theft incidents has multiplied over time.

“Cyber criminals looted $400 billion in 2014. They made the world deprived of $600 billion in 2017,” Habib Bank Limited Chief Operating Officer Sagheer Mufti informed the audience. “Our job is to not let that happen.”

He urged organisations to have disaster recovery and business continuity plans in place, as everyone is at risk of cybercrime and anyone can be hacked. “Data protection is not a tech problem (alone), but this is a (corporate) governance issue which needs to be tackled every day and every minute.”

ISACA President Hussein Hassanali said that the digital transformation has increased the vulnerability of big data and demands highly skilled professionals to make daily life hassle-free. “The world is short of two million ICT professionals…Pakistan has potential to fill a part of the vacuum.”

Forcepoint Senior Sales Engineering Manager MENA, Ozgur Danisman said that “the incident of cyber security breach has increased 126 per cent in the last five years despite increased spending on the security maintenance.”

He said the breach has increased due to organisations spending on unwanted security features. Instead, they should deploy only those security features which are needed from time to time. “GCC spend on cybersecurity has grown to $1.8 billion, but on wrong things,” he said.

IBM MEA Security Technical Manager, Andries Lategan said that 2017 was a tough year. Family members and friends in almost every circle have been affected by cyber attacks during the year. “Equifax (a US credit bureau) breach exposed data for 143 million consumers (in 2017),” he said.

He said that there is a great need to address ICT fundamentals through improving working culture and collaboration among staffers at the organisations to mitigate the cyber attack risk.

IBAICT and CICT Director Imran Batada said that the big data management industry is growing at a rapid pace. “ICT security has become a billion dollar industry.”
