Blog & News

Disaster Recovery: Business Continuity and GDPR compliance

Disaster Recovery is a plan that is developed in order to restore the possibility of access and all the IT functionalities that are enabled in the IT infrastructure, for instance a company IT infrastructure. When a disaster occurs, these functionalities are violated due to natural events, such as earthquakes, fires or floods, or due to IT illegal attacks, or again due to human errors that have a huge impact on the malfunction and damage of the whole IT infrastructure.

What is the most important thing in in such a situation? Having the possibility to restore the IT infrastructure, exactly how it was before the disaster.
This is stickily connected with the Business Continuity topic. In fact, a rapid restore program or a server backup with a Disaster Recovery plan allows to reduce the period of suspension of business activities and maintain a higher business continuity level.

Specifically,Business Continuity is a business project that leads to the protection and the maintenance of operation and business functions after an emergency that causes a damage of the IT infrastructure. When considering the Business Continuity, the meaning of disasters is wider and they can refer to electricity losses, battery malfunctions, or even the reduction of the number of personnel in a core business area.
A suspension of the business activities lead to consequences on the company and to the loss of profits.
Without a Business Continuity plan, a company can occur in huge losses.

Furthermore, some points are crucial:

  • Establishing a Disaster Recovery plan allows the restore of the Business Continuity. The plan aims at dividing disasters in different levels and priorities (from a Business Continuity point of view) in different system and IT areas that are present in the company.
    The Disaster Recovery plan does not include only the activities to follow to restore the infrastructure but also all the activities related to the prevention of disasters, such as periodic controls over the whole infrastructure.
  • Business Continuity and Disaster Recovery plans are crucial steps for companies that need to fulfill the requirements of management standards ISO 27001, ISO 22301 and, in particular, ISO 27031. In fact, the standard ISO 27031 requires that strategies should define the approaches to implement the required resiliency in order to implement principles of prevention, detection and restore from disasters. Applying pre-established protocols of Business Continuity and Disaster Recovery that aim at reducing the human errors to the minimum.
    A Disaster Recovery plan has to be implemented internally or, more frequently, externally with an expert company that composes a plan considering that it is a volatile environment and the Disaster Recovery plan has to change with business changes and so it is essential to review documents and contracts to keep them updated with the current infrastructure of the company.
  • Moreover, on 25 May 2018 took effect the EU general data protection regulation 2016/679 GDPR, the new data privacy and security law.
    And it states that: "Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:[...] (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident [...]”

    Disaster Recovery is the only plan that fulfills the GDPR requirements and allows to restore rapidly every damaged data.

Contact us to develop a tailor-made Disaster Recovery plan with our specialized technicians and start being totally GDPR compliant!