Did you know, older style back-up methods containing your customer data, such as USB flash drives and Tape Back-ups, ARE NOT GDPR compliant?
Why the old back-up methods are not GDPR compliant
- Tape back-ups are not encrypted.
- Both tape and USB flash drive back-ups are defined as removable media. In turn this leads to your customer data being easily misplaced.
- There is no data retention on the number of back-ups that may have and can be performed. This can lead to old customer data laying around. Thus the right to be forgotten compliance is void.
How Does uVault Backup Work?
Your ESP system data and customer data is automatically backed-up to a secure off-site Microsoft Azure datacentre based purely in the UK (London). The datacenter is fully ISO/ IEC 27001:2013 certified and a GDPR compliant data processor.
The data is compressed and encrypted (256 bit symmetric AES encryption) at source with a unique, secure and strong private key which is then uploaded to the datacentre via a 1024 bit RSA public key secure and encrypted transmission.
The first back-up run to the datacentre is a full back-up with all other proceeding back-ups being incremental (that is, only files which have been altered since the last full backup get backed-up). This in turn permits fast upload times and low internet bandwidth use.
Data arrives at the Microsoft Azure uk datacentre in London on local redundant encrypted storage designed to provide at least 99.999999999 % durability of objects over a given year by keeping multiple copies of the encrypted data in the one datacentre for resilience and failover capabilities (second copy of backup). Backup data retention is no longer than 30 days.
At the same time your data is being prepared for upload to the datacentre, an encrypted copy of your ESP system data is taken locally direct to the ESP server itself (third copy of backup), fully encrypted (RFC4880) via a unique, strong and secure private key. Access to your ESP server is highly restricted and the data does not leave the server. Again, backup data retention is no longer than 30 days.
uVault backup in 3, 2, 1…
The small print:
uVault back-up solution only available to ESP server environments with valid support maintenance running Redhat Enterprise Linux 6 or 7 with access to a 1.5Mbit or above (download and upload) internet connection * Restoration times of datacentre back-up data, compared to that of local ESP based backup, are not comparable and in some cases can be longer given Microsoft Azure datacentre server load at the time of restore.