6 Steps for a Better Data Recovery Under the GDPR
One of the main priorities for many executives is compliance. Financial services firms, insurers, government agencies and many others must now comply with regulations governing how they use and protect data. More and more data now enters through more sources, so you need to look at every angle of how you safeguard your clients in order to protect your brand integrity.
The General Data Protection Regulation (GDPR) is a major advancement in data protection law and will significantly impact your business. The law comes into effect at the end of May, so you should start preparing now in order to be compliant. The new regulation states that organisations must have a formal process in place that will restore the availability of and access to personal data in a timely manner in the event of any physical or technical incident.
Do you have the ability to locate all of the personal data you collect? Are you prepared to recover the data in a timely manner? Would you have proof that the information is accurate and the process repeatable? If you answered no, you're not alone.
94% of CIOs in the USA say that the data they have is affected, and over 90% of them are worried about the impact it might have on their ability to process that data. Organisations outside of the EU are subject to the regulation and to the penalties that apply if they don't comply.
The Blueprint for GDPR Data Recovery
To meet the obligations of GDPR, follow these 6 steps:
Establish What You Have – Start off by identifying where data is stored across all your formats, applications and departments. Any data that is associated with personally identifiable information (PII) gathered for a citizen of the EU will need to be located.
Develop a Detailed Data Recovery Plan – Define categories of potential breaches, and procedures for notifying citizens and authorities about personal data breaches. In most cases the time allowed for notification is 72 hours.
Implement Security Techniques – Explore techniques such as dynamic data masking and encryption of personal data. These ensure that data is disguised and is no longer identifiable.
Remove Single Points of Failure – Your current compliance and disaster recovery plans might not account for data corruption or loss. Testing for this is extremely costly to repeat regularly in order to prove continued compliance. Your existing plan may not help you comply with GDPR.
Prove Timeliness of Recovery – It is best to develop and document your process for recovering your data, and to make sure that it agrees with the IT and risk management teams on expected recovery times.
Enforce Testing and Simulation – Perform a recovery simulation and clearly document the techniques. This will let you identify bottlenecks in the process; removing them will allow for even faster recovery of data.