GDPR and data backups: what you need to know now
GDPR might feel like a distant memory, but it’s still making its presence felt.
Since the General Data Protection Regulation (GDPR) came into force on 25th May, there has been a degree of confusion over what it continues to mean in practice – and how it affects data backups.
Here’s what you need to know to remain compliant:
- Backup and disaster recovery aren’t optional
Under GDPR, you must be able to restore access to personal data in ‘a timely manner’ in the event of an incident, and have a process in place for regular testing, assessing and evaluating the security of data processing. That means you need to have backups and a disaster recovery plan – and actively test their integrity. If you don’t, as well as falling foul of GDPR, you could be putting yourself at higher risk of ransomware and cyber-attacks.
- Third-party providers must be compliant, too
Anyone who handles, processes and backs up data is known as a ‘data processor’ in the regulation. If you’re outsourcing your backups, you need to know that your chosen provider takes GDPR compliance equally seriously.
- Data breaches need to be reported within 72 hours
You might have reviewed your organisation’s ability to detect and report data breaches ahead of the May GDPR deadline, but how confident are you that you’ll stay vigilant? As things change in your business, you need to regularly check that you’ve got a tight process in place for detecting and dealing with incoming cyber-attacks.
- Everyone should be involved
GDPR has shifted the spotlight off IT or Legal and onto every member of staff in your business. At the very least, staff who search, record and manage customer data should be trained in what GDPR means. If you have more than 250 staff, you need a Data Protection Officer, whose job is to educate the rest of the organisation and come up with ways to ensure you remain compliant.
- Backup, backup, backup
How often do you or your provider take backups? If they’re automated, it’s worth reviewing whether the backup frequency keeps pace with how fast your live data changes. If a third party or your IT provider does this for you, ask them how often they test disaster recovery for your account.
What you can do now
As things change, the onus is on you to ensure your business remains GDPR compliant, including regular data backups and a tested, thorough and regularly reviewed disaster recovery plan. At Ratcliff IT, we’ve been providing business continuity solutions to small businesses across London and beyond for nearly 20 years.
Get in touch to hear more about how we can help your business.