GENERAL DATA PROTECTION REGULATION (GDPR):

The General Data Protection Regulation is a data protection regulation adopted by the European Union in 2016. It applies in the EU member states and also governs the protection of personal data beyond the EU, worldwide.

The main aim of the GDPR is to provide a common data protection policy; it also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give citizens and residents control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the European Union.

Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive)

Why companies and firms need GDPR

Companies, firms and individuals use GDPR

GDPR requires organizations to be able to recover personal data in the event of data loss.

Data loss can have several causes: computer hacking, internet hacking, stalking, data theft, physical damage to the system or computer, and network destruction or network failure.

In the case of data loss, we need a backup to retrieve our work, and we must prevent loss and preserve data so that work and business can continue in a better way.

GDPR brings data backup into focus; with backup support in place, you can conveniently retrieve your work without worrying about data loss.

“Data protection by design and by default” means that business processes that handle personal data must be designed and built with consideration of the principles and provide safeguards to protect data and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit, informed consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation or unless the data controller or processor has received an unambiguous and individualized affirmation of consent from the data subject. The data subject has the right to revoke this consent at any time.

GDPR has been designed to provide individuals with greater control over how their personal data is collected, stored, transferred, and used, while also simplifying the regulatory environment across the European Union (EU). This new regulation impacts both organizations that conduct business in the EU, as well as businesses that maintain or process EU personal data. LogMeIn recognizes the importance of the evolving legal and regulatory landscape around information security and data privacy and remains firmly committed to GDPR readiness by no later than the effective date.

Some key GDPR principles to consider in implementation include:

  • Integrity: Securing and safeguarding personal data using appropriate technical and organizational security measures.
  • Lawfulness: Organizations must, among other things, ensure they have a legal basis for processing personal data, and process that data in a fair and transparent manner.
  • Limited Use: Personal data may only be collected for specified, explicit and legitimate purposes.
  • Data Minimization: Only collect data that is relevant and necessary for its intended use.
  • Accuracy: Personal data must be accurate and up-to-date.
  • Storage Limitation: Subject to relevant exceptions, maintain personal data only for as long as is deemed necessary and reasonable.

Data backups and storage limitation

Even though you may have seen the question “Do you perform backups regularly?” many times in data protection seminars, backups must remain a central topic, or be brought back into the limelight. Backup processes may have considerable gaps.

In the event of a data loss, the availability of personal data may no longer be ensured, or restoration may be impossible.

For backups and availability, data protection officers could and should work together with IT security. Besides confidentiality and integrity, availability is one of the three classic protection goals in IT security.

However: Unlike IT security, data protection in compliance with the General Data Protection Regulation also needs to follow the principle of storage limitation.

This principle requires controllers to keep personal data in a form which permits identification of data subjects for no longer than necessary for the purposes for which the personal data is processed.

After the purpose has been fulfilled and all other legal requirements have been observed, the personal data must be deleted from the backup in due time.

This is why you should include storage limitation in your data protection instructions.

Investigating procedures for data protection

There are two data protection problems that occur with backups:

  • On one hand, the data that the controller is required to delete may still be in the backup.
  • On the other hand, backups often lack data that needs to be kept in order to satisfy the requirements of availability and restorability.

Incomplete or inaccurate specifications for the backup process may cause deficiencies in the backup:

  • Clarify which data from which sources must be included in the backup, without neglecting any mobile systems or cloud services that are being used.
  • It must also be defined which data and systems need to be backed up how often, using which method, and for what duration.
  • It must also be clear where the backups are kept and how they are protected.
  • The controller should create a specific policy for data backups.
  • The emergency manual also needs to cover rules for data backups.
  • Do not forget: The backup process itself must be secure. E.g., the data transfer to the backup server should be encrypted.
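The two backup problems above (data that should have been erased still sitting in a backup, and required sources missing from recent backups) and the retention durations the policy must define can be checked mechanically against a backup catalog. The following is an added illustration, not code from the original text; the catalog entries, source names, subject ids and retention periods are constructed sample data.

```python
"""Storage-limitation and completeness check over a backup catalog.

Added example (not from the original text). Given a backup catalog,
per-source retention periods and pending erasure requests, report
(a) backup sets past their retention period (to be deleted in due time),
(b) sets that still contain subjects with a pending erasure request,
(c) required sources missing from the most recent backup window.
"""
from datetime import date, timedelta

# Constructed sample catalog: one entry per backup set.
CATALOG = [
    {"id": "bk-001", "created": date(2023, 1, 10), "sources": ["crm", "mail"], "subjects": {"s-17", "s-42"}},
    {"id": "bk-002", "created": date(2023, 6, 1), "sources": ["crm"], "subjects": {"s-42"}},
    {"id": "bk-003", "created": date(2023, 6, 20), "sources": ["crm", "mail"], "subjects": {"s-99"}},
]
# Retention period per source in days, as the backup policy should define it.
RETENTION_DAYS = {"crm": 180, "mail": 90}
# Sources the policy requires in every backup, including mobile/cloud systems.
REQUIRED_SOURCES = {"crm", "mail", "mobile-mdm"}
# Erasure requests already fulfilled in live systems but not yet in backups.
PENDING_ERASURE = {"s-42"}

def expired_sets(catalog, today):
    """Sets whose longest applicable retention period has already passed."""
    out = []
    for s in catalog:
        keep = max(RETENTION_DAYS.get(src, 0) for src in s["sources"])
        if s["created"] + timedelta(days=keep) < today:
            out.append(s["id"])
    return out

def sets_with_pending_erasure(catalog, pending):
    """Sets that still hold data of subjects whose erasure is pending."""
    return [s["id"] for s in catalog if s["subjects"] & pending]

def missing_sources(catalog, required, today, window_days):
    """Required sources not covered by any backup within the last window."""
    recent = [s for s in catalog if today - s["created"] <= timedelta(days=window_days)]
    covered = set().union(*(s["sources"] for s in recent))
    return sorted(required - covered)

def run_check(today_iso="2023-07-15", window_days=30):
    """Combine the three checks into one report for the data protection officer."""
    today = date.fromisoformat(today_iso)
    return {
        "expired": expired_sets(CATALOG, today),
        "pending_erasure": sets_with_pending_erasure(CATALOG, PENDING_ERASURE),
        "missing_sources": missing_sources(CATALOG, REQUIRED_SOURCES, today, window_days),
    }

if __name__ == "__main__":
    print(run_check())
```

In the sample data, bk-001 is past its 180-day retention, bk-001 and bk-002 still contain subject s-42, and the required mobile-mdm source has not been backed up within the last 30 days.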

Do not neglect the backup solution during inspections

Even the best data backup guideline isn’t very useful if the backup solution cannot provide the desired level of performance.

This is why the backup tool must be inspected thoroughly. It is important in particular that

  • the backup solution can be automated and run in the background,
  • a user management and user rights system is available,
  • a tool creates a log of the backups,
  • the data to be backed up can be selected easily from a clear overview,
  • changes of the files selected for backup require confirmation (protection against unintended backup changes),
  • the tool supports the hardware, operating systems, and applications of all systems to be backed up, including mobile systems and the cloud,
  • notifications about backup problems, e.g. via e-mail or SMS, are in place, and
  • the backup service can be restarted automatically in the event of a problem.