

GDPR and Backup: Complying with Privacy and Data Protection Regulations




What is GDPR

On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. It is a complex regulation that introduces new protections for all EU citizens: it guarantees the right to data portability, the right to be forgotten, transparency in the processing of personal data, and timely notification in case of a security breach.

GDPR and Backup: How to Align with the Regulation

A key aspect of GDPR is data security and backup management. This issue directly concerns companies that store and process sensitive data, as well as software producers offering backup and encryption solutions, along with the tools needed to protect networks and operating systems, such as antivirus and firewalls.

Let’s now look in more detail at the points of the regulation related to data protection and backup:

 

Article 32 – Security of Processing

1) Considering the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the risks of varying probability and severity for the rights and freedoms of individuals, the data controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, which may include:

a) pseudonymization and encryption of personal data;

b) the ability to ensure the confidentiality, integrity, availability, and resilience of systems and services that process the data;

c) the ability to restore the availability and access to data quickly in the event of a physical or technical incident;

d) a procedure to test, verify, and evaluate periodically the effectiveness of technical and organizational measures to ensure the security of processing.

 

Two of these points are closely related to backup practices. The data controller, i.e., the person responsible for managing sensitive data, must ensure that encryption measures are in place for the data and that access to the data can be restored in the event of technical problems or cyberattacks. Simply put, this means having constantly operational backup procedures that include data encryption, prevent unauthorized access, and ensure that backups are easily restorable.
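As an added illustration (not code from this page or from Iperius), the two requirements above in working form: the archive is sealed client-side with AES-256-GCM before it leaves the machine (Art. 32(1)(a)), and a test restore decrypts it again so a wrong key, a bit flip in storage or a truncated transfer is caught during the periodic check of Art. 32(1)(d) rather than at disaster time. The functions `newGCM`, `encryptBackup` and `verifyRestore` are this example's own names; the key is assumed to come from a key store, never from the backup destination.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newGCM wraps AES in GCM mode; a 32-byte key selects AES-256.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptBackup seals the archive on the client before transfer; output is nonce || ciphertext+tag.
func encryptBackup(key, archive []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every backup run
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, archive, nil), nil
}

// verifyRestore is the periodic test restore of Art. 32(1)(d): decrypt the stored blob and let the
// GCM tag reject a wrong key, a corrupted copy or a truncated transfer before a real disaster.
func verifyRestore(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("backup blob shorter than nonce: truncated transfer?")
	}
	plain, err := gcm.Open(nil, blob[:ns], blob[ns:], nil)
	if err != nil {
		return nil, errors.New("authentication failed: wrong key or corrupted backup")
	}
	return plain, nil
}
```

Because GCM authenticates the whole blob, a separate checksum of the restored archive is not needed; what still must be scheduled is actually running the restore on a regular basis.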

To meet these requirements, every company must implement backup software configured to its specific needs. Iperius Backup is a software that offers all the features to ensure compliance with the regulations.

Let’s explore how Iperius Backup meets GDPR requirements:

  1. Full System Backup and Bare-Metal Restore: the fastest solution for backing up an entire system and quickly restoring it
    Iperius offers an image backup feature for both desktop and server operating systems, allowing for an easy full backup of a server, including all configurations, programs, virtual machines, databases, and mail servers. The standard Microsoft VHD/VHDX format allows you to restore the system quickly using the Windows installation disk, regardless of the hardware used. The same speed applies to restoring individual files or applications by mounting the image.
  2. AES 256-bit client-side encryption and secure protocols
    Iperius allows for the encryption of backups using the AES 256-bit algorithm, which is the military-grade standard for encryption. Backups are stored in standard ZIP format, completely independent of the software used, and protected from unauthorized access. Encryption occurs before the data is transferred to external destinations, ensuring secure protection during transfer, also thanks to secure protocols such as FTPS/SFTP and HTTPS.
  3. Backup of Databases and Mail Servers
    Iperius offers backup features for major data management systems such as databases (SQL Server, MySQL, MariaDB, PostgreSQL, Oracle) and mail servers (Microsoft Exchange). Backups can be encrypted with AES 256-bit and transferred to secure destinations.
  4. Iperius Storage: the online backup service with Italian data centers and ISO/IEC 27001 certification
    Iperius partners with the best online storage providers to offer a secure service, with data transfers via protected protocols. Iperius Storage is hosted in ISO/IEC 27001 certified data centers, ensuring the protection of information at physical, logical, and organizational levels.
  5. VMware ESXi Virtual Machine Replication, to quickly start a machine from its backup copy
    Iperius allows for the backup and replication of ESXi virtual machines, with the option to start the replicated machine in a few seconds in case of a failure of the main machine.
  6. Incremental and Differential Backup of ESXi VMs and Restore to a Specific Date
    Thanks to incremental and differential backups, Iperius allows for quick recovery of a virtual machine to a specific date.
  7. Hyper-V Backup with Standard Virtual Machine Formats
    Iperius backs up Hyper-V virtual machines in the original Microsoft format, allowing for quick restoration via import and registration in the Hyper-V console.
  8. Automatic Detection of Corruption Caused by Ransomware Viruses
    Iperius includes a feature that stops the backup process in case corrupted files from ransomware viruses are detected, preventing damage to backups and sending email notifications to keep the user informed.
  9. Automated Backup Scheduling, Email Notifications, and Centralized Monitoring with Iperius Console
    With Iperius, you can schedule automatic backups, receive email notifications, and monitor all backup operations through Iperius Console, which also allows centralized backup management across multiple machines.
  10. Impersonation of Reserved Accounts for Backups and Automatic Authentication in Protected Networks
    Iperius supports installation as a Windows service, with the option to impersonate reserved user accounts for backups, protecting data access. Passwords are stored in encrypted form, and all configurations can be protected by passwords or specific policies.
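Point 8 describes a backup job that halts when the source files look like they were encrypted by ransomware. The following is an added example of the kind of check behind such a gate, written for this page and not Iperius's own implementation: a file is treated as suspect when a known text extension carries a foreign suffix appended after it, or when a file that should be plain text has near-random content (Shannon entropy close to 8 bits per byte). The names `entropyBitsPerByte`, `looksRansomwareEncrypted`, `gateBackup` and the extension list are this example's own assumptions.

```go
package main

import (
	"math"
	"path/filepath"
	"strings"
)

// entropyBitsPerByte returns Shannon entropy in bits per byte (0..8): text sits near 4-5, encrypted data near 8.
func entropyBitsPerByte(b []byte) float64 {
	if len(b) == 0 {
		return 0
	}
	var counts [256]int
	for _, c := range b {
		counts[c]++
	}
	h := 0.0
	for _, n := range counts {
		if n > 0 {
			p := float64(n) / float64(len(b))
			h -= p * math.Log2(p)
		}
	}
	return h
}

// plainTextExts lists extensions whose content is expected to be low-entropy text (assumed list).
var plainTextExts = map[string]bool{".txt": true, ".csv": true, ".log": true, ".sql": true, ".xml": true}

// looksRansomwareEncrypted flags a text file whose bytes read as random, or a known text
// extension with a foreign suffix appended after it (e.g. report.csv.locked).
func looksRansomwareEncrypted(name string, data []byte) bool {
	ext := strings.ToLower(filepath.Ext(name))
	innerExt := strings.ToLower(filepath.Ext(strings.TrimSuffix(name, ext)))
	if ext != "" && plainTextExts[innerExt] && !plainTextExts[ext] {
		return true
	}
	return plainTextExts[ext] && len(data) >= 256 && entropyBitsPerByte(data) > 7.0
}

// gateBackup is the "stop the backup" decision: halt when any source file looks encrypted, so a good earlier copy is not overwritten.
func gateBackup(files map[string][]byte) (halt bool, suspects []string) {
	for name, data := range files {
		if looksRansomwareEncrypted(name, data) {
			suspects = append(suspects, name)
		}
	}
	return len(suspects) > 0, suspects
}
```

A halted run should also raise the email notification the page mentions, since a silent stop leaves the operator without a recent backup and without knowing why.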

 

Click the button below to download and try Iperius Backup, the ideal solution for complying with data protection regulations.
Download Iperius Backup

 

Some useful links for further reading on the regulation:

https://ec.europa.eu/info/law/law-topic/data-protection_en

https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_en

http://eur-lex.europa.eu/legal-content/EN/LSU/?uri=celex:31995L0046

 

Every company managing sensitive data must comply with GDPR, implementing measures such as:

«A fundamental step is certainly the adoption of the Data Processing Register, a document certifying the management of personal data, which may also include additional information to align with business processes.»

«Defining an organizational structure for data protection, including roles and responsibilities.»

«Appointing a Data Protection Officer (DPO) for managing personal data.»

«Implementing internal controls for data protection, such as audits and periodic updates of protection models.»

Source: https://www.agendadigitale.eu/sicurezza/adeguarsi-al-gdpr-i-passi-da-fare-per-evitare-problemi/

 

For consulting on how to align your company with GDPR, contact us here.