Business Continuity Plan and GDPR
If we want to comply with the GDPR,
is it mandatory that we come up with a Business Continuity Strategy/Plan?
Or will a Disaster Recovery Plan be sufficient? Which we are writing for ISO 27001 anyway.
Assign topic to the user
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
The Disaster Recovery Plan should be sufficient in this case. The requirements in Article 32 GDPR - Security of processing are for a data controller to “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: […]
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;”.
If your Disaster Recovery Plan matches these requirements, it should be OK.
Please also consult these links:
- Article 32 GDPR – Security of processing: https://advisera.com/gdpr/security-of-processing/
- Can the GDPR trigger better security in a company? https://advisera.com/articles/what-is-the-influence-of-the-gdpr-on-security/
Comment as guest or Sign in
Jul 12, 2023