Under the GDPR, data controllers and data processors must “provide a copy of the personal data undergoing processing (Article 15).” Moreover, according to the GDPR, companies must also have “the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident (Article 32).”
Does your organization have a reliable disaster recovery plan?
SkyFlok provides you with a disaster recovery plan that increases data accessibility and privacy! We spread your data across multiple vendors and locations to make sure that it is protected from being lost to natural disasters or temporary failures or downtime from individual providers. With SkyFlok you have instant access to all your files anytime, anywhere!
Do not let your organization fail to devise a business continuity and disaster recovery plan. Be ready to meet the requirements of the new GDPR with SkyFlok!
Has your organization failed to devise a business continuity and disaster recovery plan because of the perception that it’s complex or expensive? Or perhaps you have a disaster recovery plan, but maybe you’re not testing it frequently enough because of concerns about impacting production systems.
If you’re in either category, you’ll want to start developing a plan now. Especially if your company does business in the European Union (EU) or might have any data on EU citizens. The General Data Protection Regulation (GDPR), which goes into effect May 25, 2018, is the EU’s new data protection regulation. While it doesn’t explicitly require that you back up data or implement a site recovery solution, the GDPR requirements provide additional reasons to stop waiting and fine-tune your DR plan:
- Under the GDPR, data controllers and data processors must “provide a copy of the personal data undergoing processing”. (Article 15)
- According to the GDPR, companies must also have “the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”. (Article 32)
- GDPR also grants EU citizens the “right to data portability”, (Article 20) which you can’t grant if you lose your datacenter and don’t have a backup
- Companies found to be non-compliant with these or other requirements could be on the hook for a variety of penalties, including administrative fines “up to 20,000,000 EUR … or 4% of the total worldwide annual turnover [revenue] of the preceding financial year, whichever is higher”. (Article 83)In the past, for organizations not using the cloud backups consisted of copying content from drives to an offline media, such as tape and storing it in an offsite location. In addition to the costs associated with such a solution, it could prove challenging to comply with some GDPR requirements.