Data loss has become a very hot topic in recent years. Losing business or private data is often a painful and often irreversible experience. Cyber-attacks, theft, flooding, fire, breakdowns – there are many scenarios for losing important data. Unfortunately, humans are responsible for around 25% of all such cases. The only sensible solution is to create (and check) regular backups. Preparing a good backup strategy is a very sensible step, but it is crucial to implement it effectively.
The 3-2-1 rule
The 3-2-1 rule for backups is a method to ensure that your data is really secure (not just good on paper). This simple and universal rule tells you how many backups you should make and where to store them. So:
always have three different backups,
use two different data storage technologies (cloud, USB stick, external hard drive, LTO tape, etc.),
Always store one backup off-site.
Personal data, transaction data, contracts, medical data, source codes, sensitive information are just some of the business data that should be backed up off-site. Family photos, computer backups, contacts are some of the private data that are particularly painful to lose.
Data retention and backup regulations in Switzerland and the European Union
In Switzerland and the European Union, there are regulations on data retention and backup to protect personal data and ensure its integrity and availability. The key laws and their main provisions are as follows:
Switzerland
In Switzerland, data storage and backup issues are mainly regulated by the Federal Act on Data Protection (FADP), also known as the Datenschutzgesetz (DSG). A new version of this law came into force on 1 September 2023, bringing Swiss regulations into line with modern data protection standards.
Key aspects of the FADP regarding data storage and backups:
Obligations of data controllers: Companies and organisations that process personal data are obliged to implement appropriate technical and organisational measures to protect the data against unauthorised access, loss or destruction. This also includes regular backups and their secure storage.
Records of processing activities: Data processors must keep records including the purposes of the processing, the categories of data processed, information on data recipients and a description of the security measures applied.
Reporting of breaches: In the event of a data breach that could result in a high risk to the rights and freedoms of individuals, data controllers are required to report the incident to the Federal Data Protection and Information Commissioner (FDPIC) without delay.
Failure to comply with these obligations may result in financial penalties of up to CHF 250,000.
The introduction of the new version of the FADP is intended to bring Swiss regulations closer to standards in force in the European Union, such as the General Data Protection Regulation (GDPR). Although Switzerland is not a member of the EU, the alignment of regulations facilitates cross-border data flow and cooperation with member states.
In practice, this means that organisations operating in Switzerland should pay particular attention to the security of stored data, regular backups and monitoring compliance with applicable regulations to ensure the protection of personal data and avoid potential sanctions.
European Union
General Data Protection Regulation (GDPR): Regulation (EU) 2016/679, known as the GDPR, has been in force since 25 May 2018. It defines the rules for processing personal data, including the obligation to ensure its security, integrity and confidentiality. Data controllers must implement appropriate technical and organisational measures to protect data against unauthorised access, loss or destruction.
Network and Information Security (NIS) Directive: Directive (EU) 2016/1148, known as the NIS Directive, obliges operators of essential services and digital service providers to implement security measures to protect against cyber threats, which also includes aspects related to data storage and backup.
Good practices and recommendations
In addition to the applicable regulations, it is advisable to follow good practices for data storage and backup, such as:
Regular backups: Regularly backing up your data minimises the risk of data loss.
Storing backups in secure locations: Backups should be stored in places protected against physical and technical threats to ensure their availability when needed.
Testing data recovery procedures: Regularly testing backup recovery procedures allows you to verify their effectiveness and readiness in case of a disaster.
Compliance with the above regulations and the application of good practices in data storage and backup is crucial to ensure information security and compliance with applicable legal regulations.
Storage of backup copies in Safebox24 vaults
At Safebox24 vaults, we are prepared to store backup copies for business and private customers. We offer you suitable conditions in our facilities, safes and deposit boxes as well as special packaging for discs to store backups in the form of, for example, LTO tapes or blue-ray discs.
Each of our facilities meets the strict requirements set by applicable laws and a reputable insurer, including:
certified vaults with a high security class;
24/7 monitoring with security;
adequate resistance to weather conditions and events such as fire or flood;
access control and user identification;
24/7 access to the vault and safe deposit box;
A unique insurance policy that covers the safe deposit box up to CHF 500,000 against all risks without revealing the contents.
Summary
Nowadays, proper storage of backup copies is an important part of security policy. At least one of the backup copies should be stored in a secure location outside the company. Safebox24 offers the option of storing backups in a certified vault in Zurich, Switzerland. Customers can deposit their backups in a selected safe deposit box with 24/7 access and adequate insurance. In crisis situations, access to backups secured in this way is a key aspect of the Business Continuity Plan.
About us
Safebox24 is one of the largest independent vault operators in the European Union and is the first private, automated vault operator in Switzerland. Since 2019, we have been offering vault space in modern, certified facilities, along with a customised Lloyds insurance policy, professional service and 24/7 access for customers.
Together with the vault, Safebox24 AG was granted a licence to trade in precious metals in 2024 and we are developing the Suisse-Gold brand.
Comments