We hate to be the bearers of bad news, but here’s the thing.
If you’re currently breathing a sigh of relief that the General Data Protection Regulation (GDPR) deadline of May 25th, 2018 has passed, then you might be in for a shock. That’s because this is only the beginning of the journey. The period of grace is over and, from now on, every business that fails to comply with the terms of the GDPR could face large fines.
It means that companies that sent an opt-in email on the assumption that this action alone would meet all their GDPR obligations could be heading for a nasty surprise.
Fundamental change starts from this point on.
And there is one GDPR principle which deserves particular attention: the right to erasure, also known as the right to be forgotten.
Rights and responsibilities
Under Article 17 of the GDPR, data subjects (or ‘people’ as we like to call them here, but we’ll stick with the legal jargon for the time being) have the right to be forgotten under certain circumstances. Individuals can make this request verbally or in writing and invoke this right if, for example:
- Personal data is no longer needed
- The subject takes away their consent for the data to be used for the purpose which they originally agreed to, and the company doesn’t legally need to keep it
- The company is processing data unlawfully
Subjects would probably expect the right to be applied to any backups too. Any restoration from a backup should not override live data with previously deleted information.
However, there is an immediately obvious problem here, especially if deleting one person’s data could adversely affect another individual’s records or there is a legal need to keep hold of personal data. Balancing the competing needs of retention against the right to erasure really is a minefield. That’s where working with a trusted IT partner can ease the GDPR headache.
Step forward, Backup Heroes.
Best practices for GDPR and backups
Knowing what data you hold about a person, where it is stored and how to access it if they ask to see it is a good starting point.
If you ever had to stand before the Information Commissioner and explain yourself, you should be confident that your data handling processes – including the way you back up data – are robust and well-documented. You need to be sure that you are doing the right thing, and that your outsourced backup and Disaster Recovery provider is also GDPR compliant.
To protect personal data, best practice dictates that it should be archived safely and securely, with the ability to retrieve information, just as safely and securely, if required.
Our Veeam-powered backup solution offers the following benefits:
- End-to-end encryption ensures that your data is protected at rest and when it is being transferred to an archive
- Instant recovery gives immediate access to backup data if needed
- Ability to perform full recoveries or item-level recoveries
- Regular testing of security and effectiveness – we don’t sit back and take it easy here. It’s our job to protect your backup data so you don’t have to worry
- We charge just 3p per GB of backed up data, making us the affordable choice for SMBs
- Our software includes backup of OneDrive for Business (including OneNote notebooks) and SharePoint
The journey towards GDPR compliance is just beginning, so if you need expert backup support along the way, we’re here to help.
Give us a call on 0845 241 6370 and we’ll be happy to talk through our services.