With cloud adoption fast on the rise throughout the Middle East and North Africa, GDPR compliance is starting to loom top of mind for IT leaders.

Eighty-four percent of organizations in the Middle East are currently using the cloud or planning to adopt cloud computing in the next 12 to 24 months , according to the Ponemon Institute’s 2019 Middle East Encryption Trends report.

The move to the cloud is picking up speed particularly in the UAE, where locally based cloud options for the private and public sector alike are expanding as tech giants like Microsoft, Oracle and Amazon launch in-country options.

9 warning signs of bad IT architecture and see why these 10 old-school IT principles still rule. | Sign up for CIO newsletters. ]

There’s a reason for the rush to build data centers in the UAE: A recent report released by market research firm YouGov found that eight out of 10 UAE IT leaders surveyed agreed that data sovereignty — keeping data local in an effort to enhance control and security — is “somewhat” or “very” important.

While there is no overarching federal data privacy or protection laws governing data in the country, much of the IT leadership of the UAE is tasked with ensuring compliance with the European Union’s General Data Protection Regulation (GDPR). While the EU’s GDPR applies to EU citizens and companies, it also applies to any entity that interacts with EU organizations.

The regulations also address the exportation of personal data outside the EU, leaving multinational CIOs obligated to comply with the rigorous requirements of the GDPR. The UAE is a hub for foreign entities doing business in the Middle East, with Dubai alone hosting 155 regional and sub-regional business headquarters that oversee activities for foreign companies.