Europe’s General Data Protection Regulation (GDPR) comes into force on May 25th 2018

Atempo’s GDPR-ready data protection suites


GDPR (General Data Protection Regulation) will, as of May 25th 2018, govern how organizations manage customer data privacy and data protection. GDPR is major EU legislation with many far-reaching impacts for all. Stiff financial penalties of up to 4% of company turnover (limited to €20 million) will encourage public and private entities to abide by the rules.

Under GDPR, any audited organisation without a genuine data backup solution is at risk of being penalized. You will have to prove you can:

  • restore missing data;
  • list what data you have backed up;
  • locate data on any support – local or remote disk storage, tape, Cloud;
  • manage what happens to your data over time.

GDPR dictates that personal data on a given database or file must be deletable following a customer request to exercise their right to privacy. However, if this data is duplicated to a number of different physical and logical media, how can the user be sure that their personal information is no longer accessible? The simple answer is that this is almost impossible or at best far too time-consuming for most organizations.

No actual GDPR certification exists for backup software. But the feature set of your backup solution will certainly come under close scrutiny during an audit to see that it is ticking the right boxes. Having an easy-to-use, powerful and established backup solution will help you to reassure your auditor (and also your Data Protection Officer!) that private data is handled optimally. The bottom line is proving that you are, to the best of your ability, accountable and compliant in the eyes of the law.

There is no silver bullet, but Atempo’s solutions can play a key role.

The following lists some best practices to ensure maximal GDPR compliance:

| Domain | Best Practice for GDPR | Atempo Data Protection Solutions |
|---|---|---|
| Data Backup | Backups need to be managed using professional tools tailored to company needs. Safeguarding selected data is central to this. Also, it is essential to recycle data sets automatically after backup retention periods complete. | Thousands of longstanding customers from a few GBs to several PBs of protected data are testimony to the depth and flexibility of our solutions. Automatic data retention management and thorough recycling processes are built into our family of solutions. |
| Data Storage | The GDPR places responsibility for Data Protection both with the organization and with third-party providers (Cloud Storage firms for example). This means that the number of data sets onsite and offsite and the type of media used for storage will become crucial factors when assessing overall data responsibility. | Atempo manages an array of data destination choices (disk, object, tape, Cloud...). Backup sets can be managed asynchronously with short-term retention on disk and long-term retention on tape and/or private or public clouds. Atempo ensures that its backup customers have full control of their data in addition to the complete storage chain. |
| Data Accessibility | Data needs to be accessible and easy to locate. Inbuilt cataloguing tools help organizations locate, delete or transfer personal data as requested under GDPR rules. Archived data needs to be confined in terms of access and searchability. The sample used to locate personal data should be as small as possible. | Backup data storage is meaningless if you cannot isolate what is backed up, where it is stored and for how long. Atempo’s internal cataloguing system for both its backup and archiving solutions manages this paradigm perfectly. |
| Data Security | All data should be accessible only to those with specifically defined access rights. This means managing these rights professionally. Encrypting all backed-up data, preferably at source, is another crucial consideration. | User access is tightly controlled for both backup and restoration operations. All data backed up by Atempo is encrypted at source. This means that without access to decryption keys, no internal or external provider has access to potentially sensitive personal data. |

Atempo solution suites:

Backup - Live Navigator (ALN) for endpoint protection and Time Navigator (ATN) for total physical and virtual server backup and business continuity requirements.

Archiving - Atempo Digital Archive (ADA) for high performance, high volume file archiving on agnostic storage and Cloud locations.

Both solutions fully comply with and respect industry norms related to storage, recovery and access. What is more, the integration of Atempo solutions in your organisation can play a pivotal role in getting you safely through a GDPR audit!

For the key elements of this law, in particular relating to data privacy management, please visit the official GDPR website. GDPR documentation can be found here.

For more help on how Atempo can play a role in your GDPR compliance, please contact us here.