Contact Us: 888 965 9988

Blog & News

How Offsite Backup & DR Can Help Your GDPR Compliance

Mar 19, 2020, 19:10 PM by Dan Timko

From a European resident’s standpoint, the GDPR (General Data Protection Regulation) represents increased data privacy. But for a business like yours — which collects and manages personally identifiable information (PII) for your customers, clients, or patients — this sweeping law has a different meaning.

Specifically, GPDR represents several new obligations for how your organisation must handle the data of any EU resident. If you’re unsure whether or not your business is fully compliant with the law — which in less than two years has already resulted in €400 million in fines against businesses — we’ve outlined some of the GDPR’s key requirements.

(Read the full text of the GDPR.)

5 Processes You Need Right Now to Be GDPR Compliant

  1. Restoring data
    To be GDPR complaint, your company must be able to demonstrate “the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.” (Article 32.)
  2. Securing data
    To comply with the law, your company must conduct a Privacy Impact Assessment (PIA), also called a Data Protection Impact Assessment (DPIA), if you handle PII that is considered high-risk for breaches. An example would be if your company maintains personal medical, legal, or financial information about your clients or patients. (Article 35.)
  3. Purging data
    Your company needs to have processes in place to honor an individual’s “right to be forgotten.” This means you need to erase that individual’s PII from your systems “without undue delay” if maintaining that personal data is no longer necessary for the purposes for which it was collected, or if the individual withdraws consent for your company to have it. (Article 17.)
  4. Obtaining consent
    Your company needs to update its consent forms and any other documentation you use to obtain approval customers’ approval to process and store their personal data. The new documents and forms you use to obtain such consent will need to be clear and written in plain language — and they will need to make withdrawing consent as simple as giving it. (Article 7.)
  5. Granting access
    You must implement policies to provide individuals (“data subjects”) confirmation as to whether or not their personal data is being processed by your company, where, and for what purpose. You will also be required to provide your customers a copy of whatever personal data relating to them you are maintaining, free of charge, in electronic format. (Article 15.)

As you can see, bringing your company’s data environment into alignment with GDPR can’t be handled in a single “increase data privacy” step. It requires implementing several new processes and technologies to make sure the PII data your organisation manages is:

  • Secure and encrypted at all times
  • Backed up, accessible, and easy to restore at all times
  • Capable of being completely and permanently removed from your data environment, if a customer demands it

The Answer: Cloud Backup and DR from Veeam and KeepItSafe

Making sure your organisation meets these and dozens of other demands for GDPR compliance is going to require at least two types of help:

First, you’ll need the right technology.

As more than 350,000 enterprise customers around the world will tell you, the right technology comes from Veeam, the world’s #1 provider of cloud data management solutions, trusted by more than 4 out of 5 Fortune 500 companies.

Second, you’ll need the right partner.

That’s KeepItSafe: a premium, white-glove service that will help you set up and manage your Veeam Cloud Connect backup and recovery solution — and proactively protect your environment 24/7.

KeepItSafe is among a small number of service providers to earn Veeam Platinum Partner status, which the company grants only to organisations “providing first-class support, expert knowledge, and continued product education” to their Veeam customers.

Load more comments

Subscribe to our Newsletter

Enter your email below to be notified about new articles.

Download Analyst Report

Disaster Recovery Planning

“Disaster Recovery Planning: Getting from Good to Great”