One year since its introduction, many businesses remain jittery about GDPR. Even in the most compliant and careful of organisations, the complexity of the legislation has exposed many vulnerabilities. Today, we take a look at what disaster recovery planning means for GDPR, and how it can help to keep you on the right side of the law.
The General Data Protection Regulation (GDPR) was instigated in 2018. There are 99 elements, each of which is designed to give citizens greater control over their data. This includes how and why it is collected, how it is stored and how it is used. Organisations have the full responsibility of ensuring that all criteria are met, and they face significant financial penalties if they fail to do so.
The introduction of the legislation has meant that companies at every level have had to ramp up their IT security. One of the most problematic areas of GDPR compliance is tackling cyber-attacks. UK government statistics for the first quarter of 2019 show that 32% of businesses and 22% of charities experienced a data breach. This is a slightly lower figure than 2018, leading the researchers to suggest that “businesses are generally becoming more cyber secure”. The research shows that this is because 30% of businesses and 36% of charities have made changes to their disaster recovery and policy planning – something that the government considers to be a positive move.
Disaster recovery does not only enhance GDPR compliance – it is essential. Article 32 (Security of Processing) states that companies must be able to provide:
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
There are very few ways of achieving this compliance. For instance, without cloud disaster recovery backup, the real-time data retrieval required for Section C is almost impossible. Without good business continuity planning in place, both C and D are very challenging to achieve.
In short, not only are you grappling with a major problem on your own, but you have also breached internationally binding legislation. That, and your company gets to add its name to the dubious list of 206,326 that have so far been fined by the European Data Protection Board (EDPB) – with watchdogs claiming that the EDPB “is just warming up”. Uber, Facebook and Equifax are just some of the big names that have found themselves blushing, although it is arguably SMEs – which tend to have less free capital – that have struggled the most. Unexpected fines can have nasty consequences in the competitive business arena.
When it comes to IT security and GDPR compliance, it can really help to talk to someone on the front line. To learn how to protect your business, speak to an adviser from TMB today.
Image Source: unsplash.com