The Complete Business Continuity Plan – Step 4: GDPR and DR
In our last informative blog we touched upon the importance of Backups and Testing and how critical this is to the success of any Disaster Recovery Plan. In this final blog we will look at the importance of protecting your data in preparation for compliance with the new European Union Data Protection Directive that is being introduced in May 2018. With GDPR coming into effect early next year, many businesses will already be addressing the compliance of their IT systems. But how many of you will have addressed your disaster recovery? If you haven’t looked at the implications GDPR will bring, you could be in for a nasty shock!

Disaster Recovery providers are data processors, and you need to ensure that your chosen service provider will comply with the new GDPR regulations. Netcetera’s Disaster Recovery guide outlines the key areas you need to check to ensure you are safe from the huge penalties that can be imposed for non-compliance. And if you do not already have Disaster Recovery, the new regulations make it very clear that you should. Our FREE Ebook will help you discover what you need to do for your business.
So what is GDPR and how will this affect how you view Disaster Recovery?
GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy. Failure to comply could be catastrophic for any business. Non-compliance with GDPR could lead to fines of 4% of turnover or €20 million, whichever is greater.
So how is GDPR relevant to Disaster Recovery?
GDPR covers the requirement to have adequate DR provisions in place to comply, as outlined in Article 32(1). The key points are:
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

In simple terms, any disaster recovery provider handling customer data should therefore have an adequate DR solution that can restore both the availability of and access to personal data. In addition to your live system, your DR system will also need to meet GDPR compliance. Because your DR provider is obtaining, holding and retrieving data, they will be a ‘data processor’. If your DR provider is non-compliant it could render you non-compliant. It is therefore critical that any DR provider meets GDPR compliance.
Think about the following when choosing your Disaster Recovery and Business Continuity Provider:
- Will customer data be accessible and available in a timely manner?
- Are your DR providers ISO27001 certified?
- Where is the data held?
- Does your DR provider have data breach processes in place?
- Can customer data in your DR system be controlled in line with regulations so that subjects can access, erase or amend their data?
- Does your DR provider offer regular testing and evaluation to ensure security of processing?
- Have you clarified under contractual agreement whether your DR provider is a data processor or data controller?
If the answer you get to any of the above questions causes you to rethink your existing DR plan, or makes you think you should actually have one in place, then you need to think planB from Netcetera. Our team of experts has been assisting businesses to meet their data protection regulatory requirements for over 21 years. From robust managed services for IT systems that take care of all of your backup and security solutions to our modern on-site disaster recovery centre, Netcetera and planB can provide you with the very best DR solutions available.
If you would like to find out more about any of Netcetera’s Managed Services or planB, simply click on the below button and we’ll be ready to offer you assistance and any free advice you might require to make your business disaster proof.