The ISO/IEC 27001 Auditor / Lead Auditor, with many years of experience in a leading role, acts as a competent point of contact for customers and colleagues in the field of IT and IT security. In addition to years of experience in supporting and managing complex software and IT projects, VDI/virtualization and NAC (Network Access Control) solutions, the certified Microsoft specialist is also at home in software development. With his extensive knowledge and versatile technical know-how, he enriches customers and team alike.
Backup strategy: Perform backup in compliance with GDPR
In order to meet the requirements of Art. 5 GDPR and Art. 32 GDPR, it is essential to secure the data in the form of a backup.
The backup is intended to provide protection in the event of loss, destruction or damage to the data. A backup thus also guarantees the availability and the possibility of rapid restoration of the (personal) data.
You should always store backups offline and disconnected from the system. In this way, you ensure that the backups are not encrypted along with the live data, for example in the event of an attack by an encryption Trojan. Only then can the system and data be restored from the backup.
The frequency with which a backup is created should be based on how often the data changes, so that the most recent backup contains the most current data possible if a restore becomes necessary. For companies with high transaction frequencies, such as banks or online shops, it makes sense to back up data every hour or even more frequently. For other systems in which the data does not change as quickly or in such volume, a daily backup is usually sufficient.
You should also regularly test the recoverability of the backup.
In order to regulate all these points uniformly, every company should have a backup and restore concept. From a data protection point of view, this concept is often used as evidence of compliance with the requirements of Art. 5 GDPR and Art. 32 GDPR.