At first glance, there appears to be no difference between the terms data privacy and data protection. And yet the one is not the other. The most important difference between data privacy and data protection is who is generally in charge. Users often decide which part of their data they wish to share and with whom. But who protects privacy-sensitive data and ensures that it remains private? This responsibility lies with the organisations which process privacy-sensitive data. Read here how external data storage on tape supports this.
Treat personal data with care
The difference between data privacy and data protection is expressed in compliance regulations. They ensure that organisations comply with users’ requests for privacy. Since May 2018, organisations in the Netherlands which work with personal data must have organisational and technical measures in force to protect privacy-sensitive data in line with the General Data Protection Regulation (GDPR).
Draw up an effective information policy
Every organisation keeps privacy-sensitive data on internal computers, storage media, websites or in the cloud. Much of this data is needed for operations. The GDPR states that there must be security measures in place which at least guarantee that processing systems and services are reliable, reputable, accessible and resilient. An information policy in line with GDPR is complete when it also contains guidelines for backup and recovery, archiving and destruction of data.
Keep an eye on the retention period
Security measures never entirely remove the risk of a data leak. You can reduce the amount of privacy-sensitive data which might fall into the wrong hands by complying with internal data retention periods. Look at the statutory retention period and that of your own organisation: data which is no longer needed for the purpose for which it was collected or used can be archived or destroyed. The excellent sustainability of tapes makes them ideal for archiving personal data, certainly if it includes medical data, which has a longer statutory retention period.
Act fast if an incident occurs
It is essential to restore personal data as soon as possible. A ransomware attack can lead to unsafe situations at work and elsewhere, financial losses and loss of reputation. Meticulously organised backups will minimise the downtime. Ensure that you have reliable external backups which you can access quickly and safely. This will enable you to get your organisation’s primary processes up and running again in a relatively short time.
Complying with privacy laws: a joint effort
The security and reliability of privacy-sensitive data starts with the basics: internal and external data storage. Do the data privacy guidelines guarantee that unauthorised users cannot access the data? And can you restrict the vulnerability of sensitive data through data protection? Both are necessary to ensure that your data remains secure, but you cannot do it alone. It must be a joint effort.
You take the necessary measures to comply with privacy laws in your organisation and Backupned will take responsibility for protecting your data. Backupned holds an information security ISO/IEC 27001 certificate with respect to managing, transporting and safeguarding organisations’ digital company information, including delivering backup tapes and, where required, destroying tapes (Tape Life-Cycle Management).
If you have any questions about Backupned’s services, feel free to contact us.