Skip to content

Is your backup infrastructure ready for GDPR?


A data breach can have significant impacts on an organisation’s profitability and brand image.

When TalkTalk suffered a data breach in 2016, the Information Commissioner’s Office (ICO) fined the telco £400,000. Beyond this initial fine, other sources estimate the hack cost TalkTalk £60M, and led to the loss of over 100,000 customers. With the introduction of GDPR in May next year, fines are set to increase to a maximum of £17.9 million or 4% of revenue (whichever is greater), and so it’s the perfect time to review your data backup processes.

Data for a specific purpose

The GDPR states that personal data should only ever be collected for a specific, intended purpose. More importantly for backup, you should only retain data for enough time to let you reasonably achieve that purpose. The regulation doesn’t currently specify a time frame it classes as ‘reasonable’, however it’s worth taking a look at your current backup processes anyway to ensure you’re not holding anything longer than necessary.

Data protection by default

Another core aspect of the GDPR is the mandate that all storage infrastructure must be designed to offer “data protection by design and by default” – whether it’s on-premises, or in the cloud. This also extends beyond your own IT systems to those used by third parties you outsource to – and data must also be protected as it travels between these different data centres and clouds. Changing your data storage and backup processes now rather than later will take you one step closer to achieving data protection by default.

Help is at hand

Reviewing your storage and backup processes, tools and infrastructure is the first vital step in ensuring you are meeting the terms of the GDPR – and securing your data against cybercrime. But achieving a deep understanding of your storage estate can be challenging. Without extensive knowledge of the regulation it can be tough to see exactly what is missing from your existing IT policies, and what you need to change to meet the demands of the GDPR.

As a HPE Platinum Partner, DTP has in depth experience implementing the latest HPE storage and backup solutions. Download our free white paper below and prepare your data centre for GDPR compliance.

Download the Whitepaper

Get in touch with one of our storage and backup experts today for a complimentary GDPR compliance evaluation or read our five step guide to become GDPR compliant.


Let’s get together and find out.