Arcserve, LLC, the data backup and availability pioneer, announced it has been certified as compliant with the EU-US Privacy Shield Framework, a requirement by the General Data Protection Regulation (GDPR) slated to go into effect May 25, 2018. With this certification, the U.S. Department of Commerce guarantees GDPR compliance for all data stored in Arcserve’s private cloud, making the company 100 percent compliant across business processes, data centers and cloud technologies.
GDPR is arguably the most notable, and potentially costly, regulation in EU law to address the data protection and privacy for all individuals living within the European Union. The EU-US Privacy Shield Framework set forth by the U.S. Department of Commerce, pertains to the collection, use and retention of personal information transferred from the European Union to the United States. Organizations that store any personally-identifiable information of EU citizens within the US must do so with a certified backup vendor to adhere to the regulation. Those found to be noncompliant face fines of up to 20 million EUR or four percent of their global annual revenue, whichever is higher.
“It’s safe to say most organizations don’t realize their backup vendor could cost them 20 million EUR, or roughly 23.6 million USD. But the stark reality is backup providers won’t get hit with the fine – their customers will,” said Oussama El-Hilali, VP of Products at Arcserve. “It’s scary to think some providers tout their solutions as GDPR-friendly, yet their data center could be the very thing that puts their customers out of business. It’s our responsibility, as data protection vendors, to be certain we’re not endangering the viability of organizations that trust us to securely and properly store their data.”
Arcserve Solutions for GDPR
Arcserve’s data backup and availability solutions encrypt data using a two-factor authentication process with 256-bit AES data encryption at the source, in-flight and at-rest. Organizations validate recovery time objectives (RTOs), recovery point objectives (RPOs) and service level agreements (SLAs) with automated disaster recovery testing and application-level recovery. Its secure backup, disaster recovery, high availability and archiving solutions for physical, virtual and cloud infrastructures offer flexible storage options, including a choice of GDPR-compliant data centers located in the UK and US.
All products include role-based access functionality and multiple security features to prevent intentional and unintentional breaches, including password protection, monitoring, alerting, reporting and auditing. Arcserve’s support for varied levels of data availability include RTOs and RPOs ranging from seconds (continuous) to days. Its email archiving product, Arcserve UDP Cloud Archiving, includes a specifically-designed role for Data Protection Officers (DPOs) to manage the entire GDPR process, including quick response to Subject Access Requests (SARs) and the ability to perform the “right to be forgotten” process, among others.