This post is part of a sponsored ComplyTrust blog post series. To learn more about ComplyTrust, please visit complytrust.com.

Backups are one of the few data repositories where most, if not all, of an organization’s data, often coming from disparate systems and sources, is centralized and searchable. Backup Data Privacy Compliance refers to that data retained …
Every business, enterprise, government agency, and educational or health science organization is relying on, hoping, and betting that the data backups sitting in its infrastructure or cloud service are better than the production environment it just abandoned because of a ransomware or malware attack.
The company compliance officer is hoping to quickly mitigate the reemergence of data subjects who were deleted under GDPR, CPRA, or any other data privacy law. Are these hopes well founded? And if not, what will be the impact on the time it takes to get all systems online and the company back into production?
RTO and RPO only tell part of the story. At what recovery point objective is the data backup free from the ransomware or malware that just changed the course of the company’s ability to serve its customers or constituents? Since this is difficult to answer, the only option is to mount a backup and run cyber scans and data privacy scans against that data backup before cutting over to production. This, of course, takes time and delays time to production.
From a data privacy perspective, in the time since the chosen backup recovery point, the organization has received some number of “Data Subject Access Requests” and “Requests for Deletion”. Now, with restoration, these data subjects are back online, and the company is out of compliance. And because of GDPR and CPRA restrictions, you can’t maintain a list of who they are, so you don’t know who to delete again. This is all going to take time, again delaying time to production.
The solution to these challenges varies depending on the cloud, database, storage system, or data protection strategy being deployed. Whether on on-premises, hybrid, private, or public cloud infrastructure, data protection is a fundamental pillar for both time-to-production and sustainable compliance.
In upcoming posts, we will provide suggestions for getting back to production quickly while maintaining compliance and eliminating cyber risks. Until next time, be safe.
The ComplyTrust Team.