Business Continuity Plan and GDPR
If we want to comply with the GDPR,
is it mandatory that we come up with a Business Continuity Strategy/Plan?
Or will a Disaster Recovery Plan, which we are writing for ISO 27001 anyway, be sufficient?
The Disaster Recovery Plan should be sufficient in this case. The requirements in Article 32 GDPR - Security of processing are for a data controller to “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: […]
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;”.
If your Disaster Recovery Plan matches these requirements, it should be OK.
Please also consult these links:
- Article 32 GDPR – Security of processing: https://advisera.com/gdpr/security-of-processing/
- Can the GDPR trigger better security in a company? https://advisera.com/articles/what-is-the-influence-of-the-gdpr-on-security/
Jul 12, 2023