With the implementation of the General Data Protection Regulation (GDPR) only 18 months away, organisations must implement appropriate security measures to protect personal data and have a clear data protection policy.
Businesses now need to incorporate these requirements into the design of their Business Continuity & Disaster Recovery solutions. While data security is core to the design of any such system, the classification, storage and accessibility of personal data are essential to the business's ability to meet the reporting requirements of GDPR in the event of a breach.
When choosing a suitable service, companies should deal with a reputable and experienced organisation which can help secure and protect digital assets. This begins with defining the data requiring protection, then designing a service which will protect and retrieve that data in the event of a data breach or service disruption. This may be a Backup as a Service (BaaS) to protect data, or combined with Disaster Recovery as a Service (DRaaS) to also protect services. This helps ensure business continuity by minimising downtime and disruption to customers and employees while ensuring compliance with GDPR.
GDPR requirements firmly put the ability to retrieve data under the spotlight and clearly point to online backup systems as being the essential solution. Data access and retrieval must be easy, as tape has become impractical.
BaaS enables companies to reduce the risk of data loss, lower compliance costs and improve data governance. When it is offered as a managed service, the service team helps with data recovery should a breach occur. More comprehensive full DR services provide businesses with a customised recovery plan meeting both compliance and continuity needs.
Data backup is the second most common IT function moved to the cloud (email being the first). BaaS connects systems to a private, public or hybrid cloud managed by a third party – enabling you to reduce the risk of data loss, lower compliance costs and improve data governance.
Why should you have BaaS?
For starters, IT outages can cost millions. In 2014 Gartner rated the average cost of IT downtime at over $300,000 per hour.
Secondly, in the event of a data disaster, recovery is four times faster with cloud backup – 2.1 hours as compared to 8 hours.
There is no need to worry about data security either. Data may even be more secure in the cloud than it is on company servers. The fact that this security is managed by a third party means continuous monitoring, protection and encryption options are used.
BaaS also offers companies a full audit trail – your business is compliant
Having your backup processes managed by a third party offers you the compliance needed, including with SAS 70, the Central Bank and regulatory bodies, as well as EU legislation such as the NIS Directive and Data Protection Regulation (GDPR).
The new GDPR means that businesses must:
- Understand where all data resides and ensure it is protected
- Appoint a data controller
- Carry out risk assessments
- Notify authorities within 72 hrs of a breach
- Implement appropriate systems to minimise risk
- Implement full data protection
The potential risks to organisations for non-compliance include fines of up to €10M or 2% of global turnover under the NIS Directive and €20M or 4% of global turnover under the GDPR.
Failure to comply with regulations may result in significant fines, even if no data breach or disaster occurs.
You decide how many locations your backups reside in. This usually includes an encrypted, off-site backup on a separate domain so that it is not affected in the event of a cyber-attack. You can even have a local storage backup which can improve recovery speed.