Must you have implemented a backup solution in place to comply with the GDPR?


Under Article 32(c) of the GDPR it states that your data controller/GDPR owner must have the “ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.”

You may believe that your current backup, if you have one, is sufficient but if you simply backup up your files to a hard drive or a server hosted in your office, you are putting your data at risk of being lost without a way to recover them.

How would you recover that data if your building were to burn down, flood, or in the event of a successful cyber attack? With the only copy of that data now gone, how do you get your data back?

It may seem like we are only discussing the extremes but these events could all happen and, as a Risk Management company it’s our responsibility to assess any possible risks to your business.

We believe that to completely protect your business from long term data loss you should have a comprehensive and full backup of all essential data, which is then stored in various locations (i.e. the cloud). This will mitigate the risk of your losing your data and demonstrate to your customers, staff, suppliers and the ICO that you take data security seriously.

Wouldn’t you rather leave to go off on your Christmas break knowing that you’re secure, backed up and protected in the event of a disaster?

To discuss putting a backup solution in place, give us a call on 0114 223 8000 or email us at