Technical security measures
Backup as a technical security measure
There are many who overlook that a loss of personal data constitutes a personal data breach. For example, if the hard drive of a computer that stores personal data crashes and all content thereby disappears. It is good for a company to have a backup as a technical security measure to be able to recover after such a personal data breach.
Companies should implement backup as a technical security measure to protect processed personal data
In short, a backup means that the company has a backup copy with the same information in a different location. For example, on an external hard drive or in a cloud service. Companies should prevent personal data breaches and having backups of personal data is one way.
Please note that both the copy and the original still need to be protected. In addition, the company should store these separately from each other. It is also important not to forget to update the backups. If the company is to delete personal data because they are no longer necessary or to meet a data subject’s request, it is important to delete the personal data from the backup as well.
Benefits of Backup
- Protects against data loss.
- Possibility to restore the IT system.
- Easier to recover after a personal data breach.
Tips on how companies can think and work with backup
Needs analysis
The first thing companies should do in a needs analysis of backups is to see what data the company needs to copy, how long the copy should be kept, how often backups should be taken, who has permissions to access the copies, etc.
Documentation
Make sure to document all decisions. After that, it is good to create instructions and procedures regarding the management of backups.
Implementation and testing
Implement the backup in accordance with the procedures. In addition, it is good to regularly test the backups to see that everything is working as it should.
More information about GDPR
Encryption of personal data
Encryption means that anyone who wants to access data must have an encryption key along with a mathematical function, in order to read the encrypted information. As a result, there is less risk of unauthorised access to the information, as more is required for access. It is a common technical security measure for companies to take, especially when the stored personal data is important and extra protective.