How GDPR Will Affect Your Backup Strategy

May 25th, 2018.

If that date makes you sweat, you’ve come to the right place. This week, the European Union will be implementing the new General Data Protection Regulation (GDPR) which will affect all businesses with customers in the European Union. While GDPR was first announced back in 2012, it should come as no surprise that a majority of organizations waited until crunch-time to finalize their preparation.

With non-compliance fines reaching upwards of 20 million, it’s no wonder GDPR has many CIOs shaking in their boots. Below, we’ll be taking a look at how the new regulation will be affecting your backup strategy and recovery practices in the coming year. Take a look!

Backup and Recovery will become even more critical under GDPR.

In article 32, the GDPR act mandates a) the ability to restore the availability and access to personal data in a timely manner and b) a process for regular testing, assessing and evaluating the effectiveness of technical and organizational measures. That being said, it’s evident that organizations need to have the necessary backup and disaster recovery strategies in place and test these backup solutions regularly and thoroughly.

Third Party Compliance?

Many organizations will choose to outsource their backup solutions. While this is possible, it’s only a small step in achieving full GDPR compliance. Because this outsourced solution provider will be managing your data, they fall under the term, “data processor”, which in turn means they will be responsible to comply with GDPR as well.

Testing and Regular Backups

It’s absolutely critical that your backup provider tests the effectiveness of their solution on a regular basis. Before signing an agreement with a backup solution, you should consider making sure that the provider holds some Cyber Essentials Security accreditation. If backups are not already automated, it may be a good idea to increase the frequency to keep in line with your live data. Because GDPR requires that organizations have access to the most current data, frequent and regular backups are incredibly important.

Compliance Requires Awareness of the Entire Organization

If your company plans on being 100% compliant with GDPR, it can’t just be a concern for your IT and legal departments. Educating your staff should come as one of your first steps in achieving full GDPR compliance. The Information Commissioner recommends that organizations consider building a data compliance team to ensure that your organization remains compliant.

GDPR is nearly here, and being ready for the shift is imperative. Your organization needs to be aware of all the changes that must be made in order to be compliant, otherwise, you run the risk of incurring incredibly steep fines. To avoid financial loss, keep your backup strategy and disaster recovery practices up to date!