Every business, enterprise, government agency, and educational or health science organization is relying on, hoping for, and staking its recovery on the same thing: that the data backups sitting in its infrastructure or cloud service are better than the production environment it just abandoned because of a ransomware or malware attack.
The company's compliance officer is hoping to quickly mitigate the reemergence of data subjects who were deleted under GDPR, CPRA, or any other data privacy law. Are these hopes well founded? And if not, what will be the impact on the time it takes to get all systems online and the company back into production?
RTO (recovery time objective) and RPO (recovery point objective) only tell part of the story. At what recovery point is the data backup free from the ransomware or malware that just changed the course of the company’s ability to serve its customers or constituents? Since this is difficult to answer, the only option is to mount a backup and run cyber scans and data privacy scans against that backup before cutting over to production. This, of course, takes time and delays time to production.
From a data privacy perspective, in the time since the chosen backup recovery point, the organization has received some number of “Data Subject Access Requests” and “Requests for Deletion”. With restoration, these data subjects are back online, and the company is out of compliance. And because of GDPR and CPRA restrictions, you can’t maintain a list of who they are, so you don’t know whom to delete again. This is all going to take time, again delaying time to production.
The solution to these challenges varies depending on the cloud, database, storage system, or data protection strategy being deployed. Whether the infrastructure is on-premises, hybrid, private cloud, or public cloud, data protection is a fundamental pillar for both time to production and sustainable compliance.
In upcoming posts, we will provide suggestions for getting back to production quickly while maintaining compliance and eliminating cyber risks. Until next time, be safe.