With two weeks to go before the compliance deadline for the General Data Protection Regulation, cloud-to-cloud backup vendor OwnBackup is helping its customers prepare for the comprehensive set of rules.
GDPR updates data protection, privacy and access laws across the European Union, and goes into effect on May 25, 2018. It affects not only companies in the EU, but any company that processes data on European Union residents.
The OwnBackup GDPR feature set allows customers to find a data subject’s information within backups.
Built on OwnBackup’s backup and recovery service, the features help customers respond to data subject rights requests, as they apply to personal data within backups and archives, according to the vendor.
The OwnBackup GDPR functionality may be a trend-setter in backup for software as a service (SaaS) applications, such as Salesforce, Slack and ServiceNow, all platforms that the vendor protects. SaaS data is created in the cloud and often needs enhanced protection beyond the basics offered by the applications.
“We’re happy to put a stake in the ground,” said Lee Aber, OwnBackup’s chief information security officer. “We’re trying to move the SaaS backup market forward.”
Key elements of GDPR include:
- The right to be forgotten: Data subjects can request personally identifiable data to be erased from a company’s storage.
- The right to rectification: Data subjects can expect inaccurate personal information to be corrected.
- The right of portability: Data subjects can access personal data that a company has about them and transfer it.
- The right of access: Data subjects can review data that an organization has stored about them.
The OwnBackup GDPR features include:
- Erasure requests, submitted through the OwnBackup application, which support data subjects’ right to be forgotten;
- Rectification requests, submitted through the OwnBackup application, which support data subjects’ right to have their personal data updated;
- Audit logs and notifications, sent to the data controllers’ administrators confirming that an erasure or rectification request has been processed;
- Exporting or transferring a subject’s personal data to support the right of portability;
- The capability to search for data subject information across backups and archives, including within attachments; and
- The ability to set custom data backup expiration dates.
Aber said he has been impressed with how the SaaS community has stepped up to get the word out about GDPR. Salesforce and others have provided guidance and education.
OwnBackup CEO Sam Gutmann said customers have focused on GDPR in the last four to five months.
“Once the regulations are live, I think you’ll see a lot more focus in the U.S.,” Gutmann said.
Gutmann said the OwnBackup GDPR feature set will be live next week. Customers will see a specific tab for GDPR in the administrative console, with its own subset of tools. There is no upcharge for the features, as it’s part of OwnBackup’s core offerings.
OwnBackup plans to add more features, including the ability to apply a group of requests in bulk.
Aber said he thinks interpretation of GDPR will evolve, as will OwnBackup’s approach. Once enforcement begins, Aber suspects the authorities will go after the most egregious rule-breakers.
In general, GDPR provides common sense guidelines around data protection, transparency and privacy that should help organizations.
“It’s not just a compliance obligation,” Aber said. “It actually makes sense.”