OwnBackup announced the availability of its comprehensive General Data Protection Regulation (GDPR) readiness solution for Software as a Service (SaaS) data backups—filling a void in both understanding and complying with the nuances of the GDPR in the periphery of backed-up data.
“Privacy and data protection are now a global concern. Any company that controls the data of EU customers is subject to the GDPR and there is similar legislation on the table in the United States. Unfortunately, there is still much uncertainty about how to manage privacy risks associated with backed-up data,” noted Carl Gottlieb, Data Protection Officer at Cognition Secure. “Being able to effectively meet rising regulatory demands within one data backup protection platform like OwnBackup is essential.”
Built on the award-winning OwnBackup backup and recovery service, the new GDPR features help customers easily respond to EU Data Subject rights requests, such as Right to Rectification, Right to Erasure, and Right to Data Portability, as they apply to personal data within backups and archives.
“We have seen a lot of confusion and little guidance in the marketplace about backed-up data and GDPR compliance, leaving many SaaS users with questions,” said Sam Gutmann, CEO of OwnBackup. “OwnBackup has been designed with privacy in mind from the onset. As a Data Processor under GDPR, it’s our job to ease the path to GDPR compliance. As a continued pioneer in SaaS backup, recovery and replication, we have extended our platform to support clients in meeting, and even exceeding, GDPR requirements as they relate to backed-up data.”
The OwnBackup GDPR solution helps customers meet their GDPR requirements for SaaS backups in balance with company processes and operations through customized GDPR tools. Highlights of the latest OwnBackup release include:
Rectification Requests: To support Data Subjects’ GDPR right to have their personal data updated, Data Controllers can now submit rectification requests directly through the independent OwnBackup application.
Erasure Requests: To support Data Subjects’ GDPR right to be forgotten, Data Controllers can now submit erasure requests directly through the OwnBackup application.
Full Audit Logs and Notifications: After a Rectification Request or Erasure Request is processed, a notification is sent to the Controller’s administrators confirming that processing has completed.
Configure Retention Period: SaaS system administrators can implement customized backup retention policies to match their organization’s corporate risk tolerance for retention of EU Subject Data. OwnBackup users may set custom data backup expiration dates, whether days, weeks, months or years.
Advanced Find: Users can quickly search for Data Subject information across backups, including archived data and within attachments.
Export Data: Users can also export or transfer a Data Subject’s personal data, in .CSV file or SQL database format, to support GDPR Right to Data Portability.