How Top Backup and Disaster Recovery Vendors are Responding to GDPR

How Top Backup and Disaster Recovery Vendors are Responding to GDPRGDPR is now in effect, and if businesses aren’t already compliant with the new regulations, they are scrambling to get to that point. The steep fines in place as a penalty for not meeting regulation standards are as good an incentive as any to be compliant, though they are daunting. Backup and Disaster Recovery vendors are needed for GDPR compliance in order to protect personal data from damage, loss, or a breach. Without these capabilities, businesses are at risk of incurring those severe fines.

The Information Commissioner’s Office (ICO) states that when reporting a breach to the authorities, you must provide:

  • A description of the nature of the personal data breach including, where possible:
    • The categories and approximate number of individuals concerned; and
    • The categories and approximate number of personal data records concerned;
  • The name and contact details of the data protection officer (if your organization has one) or other contact point where more information can be obtained;
  • A description of the likely consequences of the personal data breach; and
  • A description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any possible adverse effects.

With all of that taken into account, it’s clear that a thorough backup and disaster recovery (BUDR) solution will be crucial in the new age of GDPR. It’s important to learn how BUDR providers are responding to the new regulation, as it speaks to the amount of assistance they can provide. We’ve compiled responses from the top BUDR providers, Dell EMC, IBM, and Commvault.

Dell EMC

Dell EMC provides information concerning GDPR on their page dedicated to the subject. The page provides white papers and infographics on how to prepare for GDPR, as well as links to Dell EMC’s security solutions. Additionally, the vendor offers a free evaluation of your organization’s security and data protection capabilities.

In a conversation about GDPR, vice president of client software and general manager of data security at Dell, Brett Hansen believed that the regulation is an opportunity to re-evaluate and ask questions, such as, “What is our data security policy? Are there practices we want to implement? How are we ensuring the security and protection of data throughout its lifecycle?”


IBM has also created a comprehensive page dedicated to GDPR. This page offers a GDPR readiness assessment in addition to a general overview of GDPR, along with a number of resources containing more information on the subject. The vendor also makes note of the services it can provide in the process of becoming compliant, which include security, analytics, cloud, and data storage.

IBM made a statement about its commitment to GDPR readiness, which read, “as part of IBM’s ongoing commitment to privacy by design, IBM has embedded data protection principles even more deeply into its business processes, products, and services so that our clients can better meet their own data protection objectives.”


Like the above vendors, Commvault has a section of its website devoted to GDPR. The page offers webinars on the subject, as well as a white paper which suggests software and cloud providers to consider to assist in meeting GDPR compliance needs. In addition to this, the company outlines the ways it supports compliance through sensitive data governance, data protection solutions, and compliance searches.

According to Commvault, “data privacy, whether driven by GDPR or any of the global legislations, is just the right thing to do and should be treated as a cornerstone of your data management strategy. With changing expectations for the collection, storage, and handling of personal data, can you trust your assumptions about regulatory readiness?”

Tess Hanna
Follow Tess