Concerned about GDPR compliance? VTL could be part of the solution

GDPR compliance

By now, you have probably heard that we’re set to see the biggest change to data privacy legislation in decades with the introduction of the General Data Protection Regulation (GDPR) on 25th May 2018.  But do you know how it will affect different areas of your business, and are you sure that you’ll be compliant by the May deadline?

One area that could be easily forgotten is your backup solution. If your business holds any personal data of EU citizens, you will be held accountable to the GDPR – this includes any data that can be used to determine a person’s identity, from their IP address to their social media posts. As it’s likely that you have this kind of personal information in your data backups, you must ensure that you have the optimum backup solution for GDPR compliance.

While physical tapes have been the backup solution of choice for organisations for a number of years, companies are starting to move towards digital solutions like the Virtual Tape Library (VTL). With the VTL, your data is virtualised and stored on hard disk drives, emulating many common physical tape libraries from multiple vendors. This makes it quick and easy to deploy, and compatible with almost every backup app or agent. In addition, the VTL has some key advantages over physical tape backups that could make a real difference to your business when it comes to GDPR compliance – let’s take a look…

Ensure your data is secure

Under the GDPR, businesses must ‘implement appropriate technical and organisational measures’ to ensure that the data they hold is secure. If you fail to implement these measures, and you have a data security breach, you can be fined up to 2% of your annual global turnover or €10 million – whichever is greater.

Storing your backup data on physical tapes means that you not only risk losing data through tape degradation or damage, you could be vulnerable to a security breach if physical tapes are lost or stolen. As the data on physical tapes isn’t encrypted, the data they contain can be accessed easily.

GDPR recommendations include encryption of data, and this is something that can be easily built in your VTL solution – your data can be encrypted both at rest and in-flight (when it’s transferred from your server to your VTL provider). This means that if data happened to go astray, it wouldn’t be readable – so you can demonstrate that you’ve taken the appropriate security measures required by the GDPR.

Easily erase backup data

A key element of the GDPR is the right to be forgotten. Members of the public can ask you to remove all of their personal data, and you will need to do so in a timely manner or face a fine – this includes any backup data you may have.

If you’re backing up your data to physical tapes and you receive a request to remove an individual’s data, it’s likely to be time-consuming and costly to fulfil. You must access, identify and wipe an entire tape to remove just a single file from it, and as you receive more requests for erasure you could find that you’re constantly paying for tapes to be couriered back and forth from off-site tape storage.

By using a VTL service you’re able to respond to a request for erasure more quickly than you would be able to if you had to wait for a tape to be delivered to your site, as backup data is accessed remotely. There won’t be any delivery or courier costs either, supporting your compliance in a more timely and cost efficient manner.  

Act now to get ahead

While the GDPR doesn’t come into force until 25th May, you should act now to ensure you’re compliant in time. If you’re interested in finding out more about the benefits VTL could bring to your business, or how GDPR will affect any other aspect of your IT infrastructure, talk to one of Blue Chip’s experts today – simply call 01234 224400 or email


  • Cookies


This website and our partners use cookies to provide you with the best experience. By clicking, “Accept” or continuing to browse, you agree to the use of cookies. Read our privacy policy here.