GDPR and your backup data

With the deadline for GDPR looming, it’s a very hot topic with considerable implications for businesses, so let’s focus on how your organisation’s backup data is also subject to the new regulations.

Location of your backup data.

Many businesses use cloud hosted backups as a convenient and secure way of ensuring their backup data is stored safely off site. Such organisations may be unwittingly storing their data outside of the EU and this can be a problem.

According to the official guidelines from the Information Commissioner’s Office (ICO): “Personal data may only be transferred outside of the EU in compliance with the conditions for transfer.”

So let us take the multitude of backup services based in the USA. If you have any data storage or processing taking place on US servers, you need to ensure that the provider is certified compliant with EU-US Privacy Shield or you risk a fine of up to €20 million, or 4% of the worldwide turnover (whichever is greater). Conveniently, you can check your provider status here. It is worth checking this regularly, as statuses can and do change.

Data retention and the Right to Erasure

Under the new regulations, individuals have more control over their personal data and can request data removal from an organisation’s systems, which you must comply with (unless any legal requirements apply). This includes all current processing systems as well as archives and backups (including paper archives).

This can be a complex process. For example, you may have a tape backup from 2014 with a customer database stored on it. It may be important to keep that copy from that particular time, but removing (or anonymising) one record of personal information may be difficult, so you may be forced to destroy the whole backup or incur a fine.

To avoid situations such as this, businesses must review their data retention policies and must keep personal data for only as long as is legally necessary.

For more information on protecting your business from cyber security threats, advice on PCI and GDPR compliance and disaster recovery contact CloudSpark at or call 01603 673160

Under the new GDPR regulations, Directors of companies which process personal data (including CCTV recordings) will need to take a much more robust approach to personal data management and cyber risk to avoid finding themselves exposed personally.

CloudSpark Solutions Ltd provides a complete suite of IT solutions from cloud computing support and development, security and disaster recovery advice to fully managed traditional IT Support.

April 5th, 2018 | Categories: Security, Technology News