Disaster Recovery (DR) is an element of the General Data Protection Regulation that many businesses have not yet considered.
You can plan for it. You can train for it. You can create as many systems designed to prevent it as you want, but at the end of the day disasters still occur and they happen when people least expect them.
Whether it is a natural disaster that knocks a data centre offline or a cyber attack that ravages critical systems, the damage to a business while its systems and data are unavailable can be severe.
It is imperative to have a comprehensive DR plan in place so that your business is properly prepared to cope with whatever disaster comes along and can get back up and running as soon as possible.

On 25 May 2018 the EU General Data Protection Regulation (GDPR) becomes applicable. It changes data protection law for anyone processing the personal data of individuals in the EU, including businesses outside the EU that offer goods or services to, or monitor the behaviour of, people in the EU. These obligations must be complied with: failure to do so can lead to fines of up to €20 million or 4% of annual worldwide turnover, whichever is greater. There is also the spectre of reputational damage stemming from any sort of data loss or theft.
How does GDPR relate to DR?
GDPR makes adequate DR provision part of the security obligations placed on controllers and processors, as set out in Article 32(1):

“Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: [...]”
The measures the article then lists include the ability to restore the availability of, and access to, personal data in a timely manner in the event of a physical or technical incident (Article 32(1)(c)), and a process for regularly testing, assessing and evaluating the effectiveness of those measures (Article 32(1)(d)). All organisations handling personal data should therefore have an adequate DR solution that can restore both the availability of and access to personal data, and should test that it actually works rather than assume it does.
Your DR system, not just your live system, will also need to meet GDPR requirements. Because your DR provider is obtaining, holding and retrieving personal data on your behalf, it will be considered a ‘data processor’. GDPR requires a controller to use only processors that provide sufficient guarantees of compliance, and to govern the relationship with a written contract (Article 28).

If your DR provider is non-compliant, it could render you non-compliant, with the accompanying threat of financial penalties. It is therefore critical that any DR provider, whether your existing provider or one you are considering, meets GDPR requirements.
So, with less than a year to go before GDPR applies, you should be assessing your DR plans now to ensure that they meet the compliance criteria. Let ES Systems Ltd help your business prepare for the GDPR deadline. Call us today on 0191 371 2392 or email firstname.lastname@example.org.