GDPR Compliace — Who’s got your Back(up)?
Anand Prahlad
Jan 15, 2018 · 4 min read

The EU’s General Data Protection Regulation is set to come into effect in roughly 4 months. And while a lot has been written about it, not enough is being said about the need to have a solid data backup strategy.

Here’s why it’s increasingly important, especially in the light of GDPR.

What is GDPR?

For those only just tuning into this conversation, earlier in 2016 the EU Commission — the executive arm of European Union — passed Europe’s new law on data protection, the General Data Protection Regulation, which is expected to come into effect on May 25, 2018.

What you need to know in particular is that this new law affects all global businesses, especially the ones dealing with EU members.

Effectively, any business that captures and ‘processes’ data of citizens of EU, irrespective of their geographical location, will be obligated to abide by the new GDPR rules. Which means, if you are a business based outside of the EU but offer goods and services to individuals within the Union and/or monitor their behavior in any way, GDPR will apply to you!

So, while you may think that GDPR is just an ‘EU thing’, it’s clear that the repercussions will have serious bearings on just about every business even vaguely associated with the Union. In fact, expect to shell out anywhere around €10M or up to 4% of your company’s annual revenues for the most severe violations of these new data privacy rules.

It is sanctions like these that put GDPR on par with the region’s already burdensome and free competition-preventing laws.


Essentially, GDPR gives the citizens of EU immense ability to control the data they share. Which broadly means that you, as a business, now has to obtain explicit consent from your people before you collect and store their data. You have to make your intent clear and even offer assurances around how you intend to protect it. Note: GDPR mandates the need to have a dedicated data protection officer in organizations. But more on this later.

Also, going forward, all EU-associated businesses, under article 32(1), sections (a)-(d) of the GDPR laws, are required to have a Disaster Recovery Plan — the ability to promptly and safely restore and make available data in the event of a technical or natural catastrophe.

Which means, the rules now not only take away the control from you, the entity seeking to capture user data, but also necessitate the need for all EU-affiliated businesses, big or small, to set up a backup and recovery protocol that ensures safe access to data at all times.

What should you should Backup?

Forgot about end-user data security? Well, you aren’t alone.

Most IT departments, when thinking about security and backup strategies, limit themselves to servers and enterprise databases, ignoring the end-user database security. Statistics tell us that only 52% of all IT enabled-organizations have any kind of formal process for securing corporate-owned endpoint devices.

Endpoint data is the data that resides not in a central file or a DB server, but on desktops, laptops, mobile phones, and even your SaaS applications. And, even by conservative estimates, this data on devices accounts for more than two-thirds of a company’s total data assets!

This is exactly the reason why securing device data is necessary — to minimize any risk that may arise due to the device’s access to the larger, more important enterprise data.

By battening down the devices and the data on them along with your enterprise data assets and servers, you exponentially enhance the overall security of you critical data centers.

And, in the light of GDPR, it has become necessary to undertake thorough and safe data backup and security measures that can prevent and minimize any possible breach of the user privacy as well as modern-day privacy laws. And this includes measures pertaining to endpoint device security as well!

  • Two thirds of enterprise data lies outside the data center on end user devices, such as a (like laptops).
  • 99% of employees have sensitive data on their laptops and almost a third admit to uploading it to the cloud.
  • SaaS vendors don’t take the responsibility for backing up your data — you are responsible for your data backups — even when it is in the cloud.


With GDPR just around the corner, the new rules will leave you with very little wiggle room. With fines as high as 4% of your annual global turnover, the cost of non-compliance is too high for businesses to ignore the need for employing proper data backup and protection technologies.

Investing in long-term solutions, and quickly too, that safeguard data at all levels is crucial if businesses, big and small, wish to survive and succeed in this upended digital age, one where proximity to private information is not only difficult but imposes adherence to global privacy regulations.

I have been following the development of GDPR for a while now, and one thing I can say with absolute certainty is that it will radically change the way global businesses, not just EU-affiliated ones, approach data collection, processing, and storage. Security will be table stakes in the days to comes and no organization, including yours, can hope to scale globally without compliance.

On that note, if you need help understanding GDPR, feel free to comment on this post or write to me or my team at

Anand Prahlad

Written by

Over 25 years of experience in building enterprise software solutions, CEO - Parablu, Ex-MD & Head of McAfee’s R&D Center in India, Ex-SVP CommVault.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade