GDPR Backup Compliance Obligations

In effect as of May 25, 2018, the General Data Protection Regulation (GDPR) governs the rights of EU citizens over their personal data and gives organizations doing business in the EU strict rules for how to safeguard that data. For enterprise organizations managing tens of thousands of personal customer records per year, knowing where this personal data resides and if it’s being purged correctly—all GDPR requirements— can prove to be an onerous and error-prone task, especially if done manually.

Bocada offers a centralized, automated compliance solution to give organizations a streamlined approach to meeting and demonstrating GDPR compliance. Using Bocada’s unique approach to retaining backup performance data and automating backup monitoring, organizations get a key tool to satisfy GDPR requirements and keep them them ahead of the auditors and regulators.

GDPR Article 32: Security Of Processing

According to FINRA, “The controller and the processor shall implement appropriate technical and organisational measures to ensure…the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.”

“The controller and the processor shall implement appropriate technical and organisational measures to ensure…a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.”

Bocada supports GDPR backup compliance through the following capabilities:

• Automated backup performance reporting that identifies failed backups, enabling tailored troubleshooting so data is always protected and restorable.
• Built-in critical failure alerting enables processors to address data backup failures quickly so that valuable data is protected.
• In-progress backup job reporting across hybrid-cloud environments allows processors to proactively address issues that could harm data restoration.
• VM Analysis Reports allow enterprises to identify machines that are not being protected by their backup software so that non-backup issues can be corrected.
• Automated compliance report creation, scheduling and distribution offers a recurring governance process for reviewing backup fidelity and sharing compliance status with auditors.

GDPR Article 5: Principles Relating To Processing Of Personal Data

According to FINRA, “Personal data shall be processed lawfully, fairly, and in a transparent manner.“ “Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.”

Bocada supports GDPR backup compliance through the following capabilities:

• Bocada’s centralized oversight of on-prem and cloud backup data via a single pane simplifies managing backup data and ensuring backup practices are easily visible and reportable.
• Data retention policy reporting ensures personal data is kept for as long as needed and is purged when required.

GDPR Article 25: Data Protection By Design & Default

According to GDPR, “Taking into account the state of the art… the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures.” “An approved certification mechanism pursuant to Article 42 may be used as an element to demonstrate compliance with the requirements.”

Bocada supports GDPR backup compliance through the following capabilities:

• Bocada’s agentless, single-pane orchestration and automation software represents the most advanced backup data protection governance and compliance tool available to enterprises.
• Bocada acts as an independent, 3rd party compliance and audit solution, representing a mechanism to demonstrate alignment with GDPR practices.

Ready to Assess Your GDPR backup compliance readiness?