The General Data Protection Regulation (GDPR) is the biggest change ever in data protection laws and comes into effect this month, on May 25, 2018. The law gives European citizens control over their personal data by providing a set of rules governing the privacy and security of that data. The effects of the GDPR won’t be felt just in Europe; it will have wider implications on organizations inside and outside of the European Union (EU) if their business involves EU data subjects. In a nutshell, the GDPR applies to all the companies processing and holding the personal data of individuals residing in the EU, regardless of the company’s location.
Here are some questions and answers about the GDPR:
- What data is considered personal? The GDPR considers any data that can be used to identify an individual, either directly or indirectly, to be personal data. Additional information can be found here.
- What is the effect of the GDPR on an organization? This data protection law protects individual users. However, it could mean huge fines for businesses that don’t comply with the law. Data breaches are very common nowadays, and organizations are responsible for demonstrating compliance with GDPR data protection principles: ensuring tighter control over where personal data is stored and how it is used and shared. Organizations must enable regular monitoring, review, and assessment of data processing procedures; build in appropriate safeguards; and make sure that employees are trained to understand their obligations. Finally, adding proper data policies that give control to data subjects ensures lawful processing.
Keep in mind that returning control of complex personal data to users is not easy. Working out how to give data back, how to store it satisfactorily throughout the tenure of the service, and how to delete it securely afterward are all technical problems. However, if you are relying on NetApp® SaaS Backup for backing up your cloud data, we have it all covered.
- What is the role of SaaS Backup? SaaS Backup acts as the data processor that processes personal data on behalf of the controller (the customer). Businesses are responsible for making sure that data shared with us complies with the GDPR.
- How does SaaS Backup comply with GDPR requirements? The GDPR requires systems to be highly available, be recoverable, and have high integrity. It mandates state-of-the-art confidentiality, integrity, availability, and rapid restores. SaaS Backup complies with all these requirements and is engineered to keep customer data secure at all times.
The NetApp SaaS Backup Service was designed with an understanding of what organizations might require to be compliant with the GDPR, and we continuously enhance our functionality and security measures to support our customers’ data protection and compliance efforts. SaaS Backup Service is engineered with privacy taken into account (the privacy by design principle) to safeguard customer data in the cloud.
Here are some additional details about how SaaS Backup achieves these requirements:
- NetApp SaaS Backup includes a data classification feature that is particularly helpful for managing backup data in a manner that enables customers to efficiently respond to data subject requests.
- NetApp SaaS Backup implements several layers of security controls that make sure that the personal data held in backups is protected against unauthorized access, with breach detection and prevention in place. Backup data in transit is encrypted using Transport Layer Security (TLS), and data at rest is encrypted using AES-256. NetApp SaaS Backup adds further protection through a multilayer key rotation policy to make sure that the data stays secure.
- NetApp SaaS Backup enables role-based access capabilities to make sure that appropriate user access controls are in place in the service. A role group grants a configurable level of access to a specific service, and the user can perform tasks against only those services without compromising security.
- NetApp SaaS Backup provides detailed auditing of user activity, which allows organizations to track and record the use of backup data and to identify patterns of unusual or suspicious user activity.
- Other requirements, such as the right to erasure (the right to be forgotten), are also implemented, making sure that the data is destroyed.
Get More Information
Comply with the GDPR for continued public trust and confidence. Visit the SaaS Backup page to learn more about the product and start a free trial.