GDPR offers one more reason to focus on your disaster recovery strategy
By Vishal Mehrotra Principal Group Program Manager
2 min read
Has your organization failed to devise a business continuity and disaster recovery plan because of the perception that it’s complex or expensive? Or perhaps you have a disaster recovery plan, but maybe you're not testing it frequently enough because of concerns about impacting production systems.
If you’re in either category, you’ll want to start developing a plan now. Especially if your company does business in the European Union (EU) or might have any data on EU citizens. The General Data Protection Regulation (GDPR), which goes into effect May 25, 2018, is the EU’s new data protection regulation. While it doesn’t explicitly require that you back up data or implement a site recovery solution, the GDPR requirements provide additional reasons to stop waiting and fine-tune your DR plan:
- Under the GDPR, data controllers and data processors must “provide a copy of the personal data undergoing processing”. (Article 15)
- According to the GDPR, companies must also have “the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”. (Article 32)
- GDPR also grants EU citizens the “right to data portability”, (Article 20) which you can’t grant if you lose your datacenter and don’t have a backup
- Companies found to be non-compliant with these or other requirements could be on the hook for a variety of penalties, including administrative fines “up to 20,000,000 EUR … or 4% of the total worldwide annual turnover [revenue] of the preceding financial year, whichever is higher”. (Article 83)
In the past, for organizations not using the cloud backups consisted of copying content from drives to an offline media, such as tape and storing it in an offsite location. In addition to the costs associated with such a solution, it could prove challenging to comply with some GDPR requirements. Microsoft Azure provides a better alternative, with the enormous storage capacity of the cloud, built-in security, and the high availability of datacenters around the world.
With Azure Site Recovery you’ll benefit from a cost-effective solution that replicates your workloads to a secondary location in the cloud. And Azure Backup service keeps your data safe and recoverable in the cloud. So if a disaster should take place, you can quickly and easily restore access to personal data and workloads, making it easier to comply with GDPR data restoration requirement.
Learn more about common questions businesses have about GDPR compliance. Explore Azure Site Recovery.