Backup and recovery as a service for GDPR, or otherwise

Backup and Recovery GDPRThe EU’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, and applies to every company that does business in the European Union. It requires that data processors and controllers have up to date technical security, and provides many new rights to customers on how they control their data.

Honestly, though? Most of the regulations set into motion with the GDPR are also just good business practices for dealing with and protecting your customers’ data — the same can be said of other compliance initiatives, like HIPAA. The thing is, some of the steps necessary for compliance can be tough to accomplish without help, especially for small and medium sized organizations.

In this blog we’ll look at two particularly critical areas of GDPR and how using a backup and recovery as a service (BRaaS) solution can help with compliance — and in your day-to-day effort to keep your customer data accessible and safe.

Information availability for GDPR compliance

At its core, GDPR provides a new framework for consumer data rights. As part of these rights, customers have to be able to “easily” access, change, and delete their data. This involves search functionality, change management, and of course, capabilities to delete data on demand.

If your company is working off of tape backups, this is a problem. While tape may be secure, it also stores data in a linear fashion. This makes random access a tough proposition, so searching for a specific customer’s data is difficult, and takes time. This leaves your company at risk of not complying with GDPR.

A BRaaS solution can store your data on any number of different media, depending on a variety of factors. For GDPR compliance, this means that if a customer makes a request to change their data, you can find it quickly and make the changes, or delete it.

Keeping data physically secure

There are so many threats against networks, that it’s easy to forget physical threats to your technology. What is your company doing, for example, to prevent an unauthorized person from accessing a physical server?

Site security is a critical part of any data protection strategy, but many small or mid-sized organizations don’t have the money, space, or resources to do what’s required. It’s a common story, a small company sets up a server in a corner, then as the company grows, the “server room” becomes a closet, or an office. Maybe the door needs to be left open to vent the hot air. You get the picture. These ad hoc server rooms are extremely vulnerable.

Even those companies with a dedicated server room that locks often don’t employ technology like access codes or key cards. For BRaaS providers, however, physical security is part of their core offering. For example, our data centers offer the tightest physical security possible, in additional to all the technical security features you expect.

GDPR compliance is more than a checklist to be measured against, it’s good business practice. BRaaS solutions can help ease compliance concerns for those companies that do business in the EU, and can provide peace of mind — and cost savings — for those companies just looking to improve their bottom line.


To learn more about KeyInfo’s BRaaS offerings, check out this video.

Drew Woods
Senior Marketing Communications Manager
Key Information Systems