In the dry, legal jargon used in the text of the Data Protection Bill (the UK’s enactment of GDPR):
“…the controller or the processor must, following an evaluation of the risks, implement measures designed to – …ensure that any systems used in connection with the processing function properly and may, in the case of interruption, be restored, and ensure that stored personal data cannot be corrupted if a system used in connection with the processing malfunctions.”
This means that a company that handles any information about individuals, so almost every company in the UK, has a responsibility to make sure that its computerised systems have both backup and disaster recovery solutions in place. The lack of specific wording about this is a clear sign that a business is expected to meet its GDPR obligations whatever happens to it: be that flood, fire or cyber-attack.
Do your clients’ businesses have sufficient backup and disaster recovery strategies in place? If so, are these mechanisms routinely tested to ensure that they stay up to the job? Without all of this in place then the wrath of the ICO could fall upon them, especially if there is an incident and there have not been measures put in place (and routinely tested) to ensure continued compliance with this new legislation.
For you, this is both a problem and an opportunity.
- A problem insomuch as your business must take steps to be compliant. In fact, many of your clients will be forced to ask you for a statement of your compliance over the coming months so that they can continue to deal with you; making your full GDPR compliance something of a must!
- An opportunity, as you can provide professional backup and disaster recovery solutions to your clients so that they can become GDPR compliant themselves.
There are many elements to full GDPR compliancy but let’s just look at one thing at a time: Take a little bit out of your working day on Tuesday April 17th at 1.00pm and participate in the Egenera GDPR & DRaaS webinar.
