Many businesses scrambled to achieve GDPR compliance earlier this year, focusing on identifying where personal information was stored in databases and unstructured formats. Did you remember to look at the data in your backups and archives?
Archiving and backups aren’t the same.
You’ll use your backups to recover data that’s damaged or destroyed. They have a short lifespan and can be discarded or overwritten when there’s no more need to recover the data.
Archives are intended for long-term preservation of historic data. While you’ll want to backup everything for a short duration, archives hold only the data that’s anticipated to have value in the distant future or that’s required to be retained for legal purposes.
Archiving and GDPR
The need to search archives is important for satisfying data discovery in legal proceedings, and is important for meeting General Data Protection Regulation (GDPR) requirements as well.
GDPR gives individuals the right to review the data you hold about them. It isn’t enough to search your current production systems; you need to find the data that’s held about them in your archives, as well. Your archive needs to be able to locate that data easily and export it in a format the user can easily work with.
Many existing archiving products don’t adequately satisfy GDPR, because they don’t make it easy to find personal data. GDPR also requires you to retain personal data for the shortest time possible. Your archiving process should support rule-based retention policies that automatically delete personal data when it’s no longer needed.
It’s also important to ensure archives keep personal data safe. Any archive containing information protected by GDPR should be stored in an encrypted format.
Enterprise Vault Data Archiving
If your archiving process isn’t in compliance with GDPR, take steps to correct that now. Enterprise Vault from Veritas lets you store and manage your archives either on premises or in the cloud. Search features make it easy to locate relevant data, whether for e-Discovery or a GDPR request, and granular policies allow data to be automatically expired when it’s no longer relevant.
The costs of not meeting GDPR requirements can be significant, and it’s never too late to bring your company into compliance. dcVAST offers full support for GDPR compliance, including managed Enterprise Vault. Our team can deploy, manage, and monitor your Enterprise Vault archive, along with other Veritas tools, to provide a complete GDPR solution to your business. Contact us to learn more about how to achieve full GDPR compliance.