With the arrival of GDPR on May 25th 2018, companies and organisations are going to have to make sure all personal data is stored safely and can be retrieved and identified easily for Subject Access Requests. So what should Data Protection Officers and Business Owners look for in their data storage and management system? Here are 7 things to look for in your post GDPR data storage solution to help you with compliance:
Control where your data is and how it’s stored, shared and accessed
#1. Data Encryption
Your data storage system should have robust security standards including AES 256-bit encryption and physical safeguards. Additional protection layers, such as encryption using HTTPS/SSL with a 2048-bit SSL certificate, will also help to protect your data transmission from being intercepted during transfer.
#2. Network Firewalls
You need to have infrastructure services that are securely partitioned from any public access in a “virtual private network” environment, with logical firewalls that restrict unauthorised access without appropriate credentials.
#3. Scheduled Audits
Security vulnerability assessments and data integrity tests should be conducted on a regular basis to ensure that your data has not been compromised or altered in any way. Additionally, ongoing systems audits, penetration, and preventative hacking tests should be part of your data solution.
Recommended reading: Do You Have Command and Control Over Your Data
#4. Data Backup and Recovery
Your data management solution should follow (and ideally exceed) industry standards for data backup and disaster recovery. Customer data should be retained indefinitely as long as an account is in “active” status.
#5. Safe Data Sharing
Collaboration and data sharing should be totally secure and better than common vehicles such as hard drives, portal drives, and email. Also, only the data owner should be able to initiate sharing.
For GDPR collaboration and data sharing should be totally secure. Click To Tweet
#6. Data Retention
Check that your data solution offers data retention rules to allow automatic deletion of files of a certain age with fixed and custom time frames. Tagging of data files to allow for retention and management means you are meeting GDPR compliance obligations.
#7. No Data Snooping
No-one outside (apart from users the customer authorises) should be able to access your data. Even your data storage solution company should have no rights whatsoever to look at or access your data.
GDPR Tip: Even your data storage solution company should have no rights whatsoever to look at or access your data. Click To Tweet
Rinodrive has been built to meet these requirements. At Rinodrive security and privacy are a highest priority. We understand that the confidentiality of data and protocols are critical. All of your data is stored in highly secure data centres managed by dozens of compliance programs and audit safeguards. Try Rinodrive and discover for yourself that there’s an affordable and easily implemented solution.
Ready to give Rinodrive a go? Signing up for a free trial is just
What criteria have you been looking at for your data management and storage solution? What’s your experience so far? Share your thoughts below.
Join our conversation ‘all about data’ on Twitter and LinkedIn. And keep up with what’s going on in the world of data by trusting us with your email for monthly mailings (and we store it on Rinodrive so it’s super safe)
About The Author:
More posts by