Compliance and GDPR

Keep your data immutable so you can document and recover not just all data, but all data processing, ensuring compliance and easy access to everything that has impacted the data.

How do you ensure compliance? Keepit

Data backup and recovery are inextricably linked to compliance. And as a European vendor, compliance is second nature to Keepit: Our services are built to make compliance requirements easy to accommodate for customers. And our company is rigidly compliant with all relevant regulations in the regions we operate in.

Our headquarters are in the EU, so GDPR and NIS2 compliance are a given. And we have isolated data centers in the USA, Canada, Australia and the UK to ensure that our customers who process data in those regions can always be 100% certain that they can customize their backups to comply with local regulatory requirements.

Design and security

At the technical level, we employ blockchain technology, cryptography, purpose-built APIs, and systems and service segregation.

Each one of our regions operates active-active from separate physical locations to protect not only against the forces of criminals seeking to compromise your data, but also against the forces of nature.

Secure by design

Deletion impossible

For you as a user, you will notice that — just like a tape in a vault — you cannot alter your backup datasets. You cannot rewrite history. You cannot even delete your account without going through a holding period. What this means to you is that an attacker who takes your identity will face the same restrictions. In other words, you are practically invulnerable to ransomware.

GDPR article 17

A common question that arises from this is how we comply with GDPR Article 17 (The Right to be Forgotten), now that the backup history cannot be modified.

This is a fair question, especially as (at the time of this writing) there are no court rulings on this yet. It is the position of the UK Information Commissioner's Office (ICO) that a company needs to comply with a valid Article 17 request to delete data on live systems (your primary systems). The ICO accepts that data can typically not be deleted immediately from backup systems, and that such data therefore will reside in the backup set until the end of the backup retention period.

NIS2 compliance

Organizations impacted by NIS2 must adhere to the conditions by October 17, 2024.

NIS2 aims to strengthen security requirements through an expanding legal framework, thereby increasing cyber resiliency across the EU. A backup and recovery solution can help your organization ensure compliance with NIS2. But how?

Keepit supports the EU initiative on protecting digital infrastructure, sensitive business data, as well as personal data. As far as cyber resiliency goes, having a true backup — a backup that’s homed separately from the primary data in an independent cloud infrastructure — is a surefire way to ensure compliance and business continuity through data accessibility and data recovery 24/7, some of the hallmarks of Keepit’s backup and recovery service.

Assess your NIS2 readiness

Achieving compliance

At Keepit, we find this to be a very reasonable interpretation of the legislation, as it grants individuals the highest protection possible while still accepting the reality of real-world backup systems and the inherent conflict between the necessity of immutable backup and the desire for dataset expiry.

We believe that Keepit is an essential tool in helping you on your path to GDPR compliance. Like with any other legislation, you will need to implement workflows to actually achieve compliance.

Get inspired

Data compliance makes third-party security a must

Why is regulatory compliance so important? And how do you minimize or avoid the risks of non-compliance?

Frederik Schouboe, CEO at Keepit, talks about the increased focus on data compliance and how third-party cloud backup services help companies ensure business continuity, stay in compliance, and keep costs predictable.

"We needed an easy and cost-efficient setup that is still secure and is compliant with GDPR, while still providing 100 percent uptime. Therefore, we ended up with Keepit."

Nenad Ljubetic

Head of IT, Alfred Talke

Services

Fully automated data protection across all the popular SaaS apps

Keep your favorite SaaS application data and metadata immutable, always accessible, and quickly recoverable with our granular restore functionalities. With the broadest services coverage range and transparent pricing, you’ll see why Keepit is the best choice for minimizing risk, strengthening cyber resiliency, and ensuring business continuity.