Data Backup Digest

Government officials from all corners of the globe have been considering the idea of implementing a common set of standards to regulate the use of personal data online. It's been a key point in many discussions ever since consumers started embracing the Internet – and it seems we finally have a start on the process with GDPR or, as it's officially known, the General Data Protection Regulation.

What is the GDPR?

The GDPR was initially designed in mid-2016 by members of the European Parliament and the Council of the European Union, but it wasn't enacted until May 2018. Now that it's in place, any company that collects or processes data from EU residents must abide by its rules and standards – regardless of the geographic location of the company. Those who fail to abide by the GDPR face serious fines.

What Does the GDPR Cover?

In short, the GDPR protects EU residents and their personal information. From a legal standpoint, the GDPR comprises a total of 99 different articles that are broken up into 11 chapters. The GDPR applies to every company or organization that works with the personal data of EU residents.

According to an official statement from the European Commission, this includes: ''"any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer's IP address."''

It's also important to note that governmental entities or law enforcement organizations that process such data for the purposes of national security are exempt from the GDPR.

But the GDPR doesn't just apply within the EU. As mentioned, any company that processes personal data from the EU populace must abide by the rules. The GDPR goes on to mandate that businesses report any data breach within 72 hours of the incident.

The Potential for Future Problems

While the GDPR is certainly a step in the right direction for consumers, it's not perfect. Critics of the GDPR are quick to point out serious issues – including problems that affect most modern backup software.

According to article 17 in the GDPR, the right to erasure requirements, sometimes referred to as "the right to be forgotten," states that all EU citizens maintain the right to have their personal data erased at any time. While the right is not absolute and there are some restrictions, some IT experts are concerned about the average company's ability to comply with such requests in the future.

Most backup and restoration programs aren't sophisticated enough to implement GDPR compliance. They simply don't have the functionality needed to examine records and erase them in this capacity. Moreover, some companies use drive snapshots to backup their data. While the GDPR standards obviously apply to typical backup activities, the laws aren't as clear when dealing with snapshots.

Following the Guidelines

There are still some challenges to overcome, but the GDPR – or at least some form of it – could be adopted by other countries in the near future. It's important to get it right now; or else we might never reach the top of that uphill battle.