For proper data backup, hardware, software and people must work hand in hand.
On the importance of data backup in data protection
Data protection applies wherever personal data is automatically processed, stored, used and transmitted. Above all, adequate data backup is of considerable importance. Data protection and data backup are inextricably linked. Adequate data protection would be inconceivable without the establishment of a regular backup and sufficient security of the data.
The area of data backup includes per Definition All measures for the secure storage of automated information on data carriers. PC, external hard drives, USB sticks: there are numerous forms, automated data.
If this is personal or personally identifiable information, data protection comes into play. Above all, this means that the information must be adequately protected against unauthorized access and misuse be.
But how can public authorities and companies adequately secure personal data?
What can a data backup concept take into account?
Data backup: A backup should above all also protect against the destruction of data due to incidents.
Before public and non-public bodies are allowed to store, process and use personal data, there must first be a comprehensive Concept, that the Compliance with data protection regulations ensures. A data protection officer is usually responsible for checking and monitoring the relevant requirements.
A significant part of such data protection concepts is taken up by data backup. The main aim is to ensure that no unauthorized person can access the stored personal data. In addition, data backup is also important to protect the To prevent loss of important data (backups), which could otherwise result in high financial losses for companies.
In the following Some important data backup methods, which are intended to prevent various problems depending on their orientation (force majeure, human error, technical malfunctions):
Storage media
There are now numerous options For data backup: computer and laptop, USB stick, SD card, external hard drive, CD-ROM or DVD, clouds, own servers and and – but not all of them are always equally secure, especially in terms of data protection.
Important in any case is the Sufficient protection against unauthorized access – both physically and technically. If a company wants to back up data using its own server or a server provided by another company, it must ensure that the data can be accessed and stored server rooms not be open to everyone. In addition, they must also be as adequately protected as possible against natural Disasters (earthquake, flood, fire etc.).) must be secured.
In the case of online data backup (e.g. B. cloud-based) often rely on the security measures taken by the commissioned service provider. However, if companies want to arrange for data backup online, they are themselves obliged to ensure that the data protection guidelines are observed.
For this reason, it is always advisable in this case to use service providers who work within Germany or the EU and follow the corresponding requirements of the BDSG and the soon-to-be effective General Data Protection Regulation.
It is particularly important to handle passwords and PCs correctly when backing up data.
Data carriers that can be easily moved, should be more protected from misuse by automated means, as they could be more easily "lost.
If you want to create a backup of important data, the external Data backup on a USB stick but also with appropriate safety precautions rather less on – this can disappear more easily times in the pocket of an employee. And even the best encryption can be cracked in case of doubt.
Access control
Access control is of particular importance when backing up data. As already mentioned, physical security measures alone do not provide sufficient protection against data misuse or theft. The most important of all security measures is the Protection via passwords. These should always be secure, changed regularly and only given to authorized persons.
In addition to passwords, data backups (including private!) the Protection against malware play an important role. Especially when transferring data, receiving e-mails and installing programs, criminals repeatedly use a wide variety of malware that can attack computers, read out and destroy backed-up data.
To ensure the best possible protection against viruses, Trojans, spyware& Co. public and non-public entities must take appropriate precautions: firewalls, anti-virus programs, anti-spyware, etc. But not only do they have to be installed, they also have to be always up to date be. This means: always carry out updates!
In addition, there is also a need for special Sensitization of employees, who deal with personal data. The human factor plays a key role in data protection and data backup.
training for employees
There is also a need for regular training on data backup in companies and public authorities.
People who are employed in data processing must be sensitized accordingly. In non-public agencies, employees who handle personal data must be regularly trained to do so committed to data secrecy be.
In addition to the most important cornerstones of data protection, this also requires a appropriate training regarding data backup: