8 Fundamentals of How Backup Can Help with GDPR Compliance
Is your organization in the process of ensuring General Data Protection Regulation (GDPR) compliance? The enforcement date is May 25, 2018. Unitrends backup and recovery solutions can help your organization with GDPR compliance.
Official GDPR Compliance Statement – Unitrends CSO
“Unitrends can help organizations meet and maintain General Data Protection Regulation (GDPR) compliance, whether you are located in the EU or have customers in the EU. Part of GDPR requires that organizations have strong backup and recovery systems like Unitrends in place. Unitrends Recovery Series backup appliances, Unitrends Backup software, Unitrends Forever Cloud, and Unitrends DRaaS all have specific features that aid with GDPR compliance. These Unitrends solutions help organizations manage data retention policies as well as control the location and replication of data in the cloud, including allowing organizations to choose a geographic region in the cloud for data sovereignty.
Additionally, all data that interacts with Unitrends backup appliances and software, and the Unitrends Cloud, is encrypted both in flight and at rest. For an additional level of security, role-based access control allows administrators to manage internal access to backup data. The user interface in the Unitrends Recovery Series appliance and Unitrends Backup software also makes it easy for administrators to search for specific files and delete data. All Unitrends backup appliances have built-in ransomware protection, compliance reporting, and the ability to quickly restore data and servers on-premises and in the cloud. What’s more, Unitrends is one of the only backup solutions that provides full Recovery Assurance, which includes automated DR testing, outage impact predictions, application-level orchestration and failover, and reporting that proves data recoverability.”
-Bob Antia, Unitrends Chief Security Officer (CSO)
Here are 8 ways Unitrends backup appliances and Unitrends Cloud can help your organization with GDPR compliance:
- Geo-Controlled Cloud Data
Articles 45-47 of GDPR govern the location and privacy of EU citizens’ user data in the cloud. Unitrends Cloud helps by letting organizations choose the geographic region where their cloud data is based. With the Unitrends Cloud, data replication is contained within the selected region, such as the EU, unless a different geo is specifically requested.
- Automated Compliance Reporting
Under GDPR, organizations are responsible for how they manage and protect the privacy of EU citizens’ user data (Article 5). Unitrends Recovery Series appliances, Unitrends Backup software, and Unitrends Cloud provide robust compliance reporting built right into the UI, including outage impact predictions and comprehensive data recoverability reports that are available in formats that can be shared with leadership or auditors.
- State-of-the-Art Backup
As part of its commitment to protecting users and their data, GDPR encourages companies to implement backup and recovery that is State of the Art (SOTA, Articles 25 and 32). Unitrends provides the #1 all-in-one enterprise backup and continuity solution, which includes state-of-the-art features such as advanced ransomware protection and machine learning-based predictive analytics. Our solution is offered in sizes and licensing structures suited for any size of business, from SMB to enterprise.
- Easy-to-Manage Data Retention Policies
Article 6 of GDRP requires a strategic plan for storing data about EU citizens that includes a mechanism to delete data when the use case completes. Unitrends simplifies the process of defining and managing data retention policies for both on-premises backup and data in the Unitrends Cloud.
- Intuitive Search & Delete
One of the most talked about articles of GDPR is Article 17, Right to be Forgotten. Unitrends Recovery Series and Unitrends Backup include intuitive search functionality that enables administrators to find specific files. Administrators can then choose to delete data as needed, though it should be noted that, depending on the data source, deletion may require erasing a block of data and administrators should also be aware of how other compliance regulations might be impacted.
- Role-based Access Control
As another way of controlling the privacy of EU citizens’ data, Article 23 mandates that organizations restrict access to personal data whenever possible. Unitrends solution helps administrators meet this requirement by providing role-based access control that lets them manage and restrict data access levels within their team.
- Secure Encryption
GDPR Article 32 mandates that all data is securely processed and stored. With Unitrends backup solutions, dated can be encrypted in-flight and at-rest using military grade encryption.
- Instant Recovery
In addition to security, GDPR article 32 also requires the ability to quickly restore data. Unitrends Instant Recovery makes it easy to recover lost data in seconds.
GDPR Compliance for Spanning Backup for Office 365
If you’re using our Spanning Backup for Office 365, this solution is also GDPR compliant.
Official Statement from Spanning
“In 2016 the EU passed comprehensive legislation on data privacy (Regulation (EU) 2016/679). Spanning began working in earnest to evaluate our data-privacy posture, policies, and procedures. After an exhaustive data-privacy evaluation process and in-depth conversations with multiple internal stakeholders, as well as customers, to understand what would be required to comply, we determined that Spanning is compliant with the GDPR. Spanning will continue to monitor evolving legislation and individual country legal requirements to fine tune our products and data privacy processes to ensure we continue to meet compliance.”