Physical and technological failures and glitches occur even in the best-maintained and most secure files. This is why the General Data Protection Regulation (GDPR) requires a plan to be in place to safeguard and restore the personal data of EU citizens whenever a technical or physical incident occurs. It also means that businesses dealing with EU citizens must consider the security of their personal data files.
What are the GDPR Backup Requirements?
Several providers are eager to offer backup services for GDPR data. In most cases, the data would be backed up in cloud storage.
Any provider chosen must adhere to GDPR regulations regarding data backup. Data would be organized in separate backup archives for each individual EU citizen, so that additions and deletions can be made to one person’s file without affecting others’ records.
Backup data files must be strongly encrypted so that the data cannot be read or used if the backups are compromised.
What Does This Mean for Businesses?
Following the introduction of GDPR, businesses must more carefully consider the security of their personal data files than ever before.
Consider this: the Human Resources department of every business has employee personal data as well as data on clients and other companies. These records cannot be disclosed. To do so is an infringement of their rights and freedoms. If the records were hacked it could result in serious losses — both in financial terms and in terms of stature and reputation.
Businesses must review the data they hold, how it is used, and how it is stored. Moreover, they need to decide on how long it is retained and how it is deleted, destroyed, or removed.
As much of the employee and client data is communicated through email, a reassessment of internal and external communication needs to occur as the GDPR is implemented.
In short, email security procedures must be re-examined. This may require new Internet control filters to become compliant with the GDPR. These must prevent employees from accessing websites that may harbour malware, malicious URLs, and sites conducting phishing attacks. Data disclosure has never been a more serious concern, and businesses will be under extreme pressure to comply with GDPR rules.
Having a secure email archive plan is paramount. A sound plan involves tools that copy email as it comes in or goes out and index it for quick, efficient retrieval. The archive is encrypted and then stored safely and securely, and access to, and modifications of, any archived email are also recorded.
Thus, employee and client data is protected from internal and external threats and data breaches.
While GDPR data backup is deemed necessary, several groups argue that such backups infringe on their right to be “forgotten”. So a few questions regarding data backup remain:
- How can the personal data of EU citizens be protected when it remains somewhere in the archives as backup data?
- How can data be minimized to retain only data that is required?
- How long is it reasonable for data to be retained in a backup file?
- Who makes decisions regarding the above questions?
Storage limitation is a reality. Thus businesses must consider how and when to delete data.
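As an added illustration of the archive design the article describes (a separate, strongly encrypted backup archive per citizen, recorded access and modification, and deletion of one person’s data without touching others’ records), the following Python sketch is not from the original article or any backup vendor. It assumes one key per data subject kept outside the archive (a KMS or HSM in practice) and uses an HMAC-SHA256 keystream with a MAC as a standard-library stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, json, os, time

def _subkey(key, purpose):
    # Separate encryption and MAC keys derived from the one per-subject key.
    return hmac.new(key, purpose, hashlib.sha256).digest()

def _keystream(enc_key, nonce, length):
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    # Encrypt-then-MAC over an HMAC-SHA256 keystream: a stdlib stand-in so the
    # example runs anywhere; a real archive would use an AEAD such as AES-GCM.
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("archive entry was modified or the key is wrong")
    return bytes(c ^ s for c, s in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

class SubjectBackupArchive:  # one encrypted archive per data subject plus an access/modification log
    def __init__(self):
        self._keys = {}      # subject_id -> key; in production held in a KMS/HSM (assumed)
        self._entries = {}   # subject_id -> list of sealed records
        self.audit_log = []  # every store, read and erase is recorded

    def _log(self, action, subject_id, actor):
        self.audit_log.append({"ts": time.time(), "action": action, "subject": subject_id, "actor": actor})

    def store(self, subject_id, record, actor):
        key = self._keys.setdefault(subject_id, os.urandom(32))
        self._entries.setdefault(subject_id, []).append(seal(key, json.dumps(record).encode()))
        self._log("store", subject_id, actor)

    def read(self, subject_id, actor):
        self._log("read", subject_id, actor)
        key = self._keys.get(subject_id)
        return [] if key is None else [json.loads(unseal(key, b)) for b in self._entries.get(subject_id, [])]

    def erase(self, subject_id, actor):
        # Drop only this subject's entries and destroy their key, so sealed copies still
        # sitting on older backup media can no longer be read (assumed design choice).
        self._entries.pop(subject_id, None)
        self._keys.pop(subject_id, None)
        self._log("erase", subject_id, actor)
```

The audit log shows who stored, read or erased which subject’s archive and when, which is the record the article says a sound plan must keep.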