Databack - Data recovery

Large companies and data loss

Large companies and SMEs face different issues when it comes to data loss. Although both are subject to the same legal obligations under the GDPR, large companies face increased risks and therefore incur greater legal liability in the event of loss.

Large companies more exposed to data loss

Large companies, mid-sized companies and multi-site businesses are more prone to data loss than SMEs. It goes without saying that the likelihood of loss increases with size, the diversity of IT networks and the nature of the structure. For example, a company with separate sites for administration, production or marketing will see the risks associated with damage from natural causes increase because of its geographical dispersion.

The scenarios affecting large and mid-sized companies are also more diverse. Generally speaking, SMEs are subject to the same risks as personal users, particularly in terms of computer malware. While SMEs are subject to non-targeted attacks, Clusif's annual reports show that acts of targeted cybercrime (cryptoware, ransomware…) exclusively affect large companies.

Data loss: there’s no such thing as zero risk

Large and mid-sized companies have more resources to take risks into account and deploy the necessary preventive measures: data storage on RAID systems, secure servers or in data centers; best practice charters and employee training; continuous availability strategies; etc.

Nevertheless, even the best infrastructures and the most demanding best practices cannot completely eliminate the risk of data loss. Faced with natural damage, fire hazards, unexpected hardware failures, internal malicious acts… there is no such thing as zero risk.

GDPR and the legal responsibilities of company directors

Managers, CEOs and Managing Directors can be held directly liable, criminally or civilly, in the event of data loss. Their responsibility extends well beyond the legal obligations to retain certain data for several years (5 years for pay slips, 10 years for invoices, etc.).

The GDPR (General Data Protection Regulation, or Regulation no. 2016/679), with an effective date of May 25, 2018, strengthens the protection of personal data relating to residents of the European Union. Under this regulation, every company is legally responsible for the personal data it stores, processes or uses. Any company manager may thus be held accountable for the loss, destruction or alteration of that data.

To comply with the GDPR, companies must therefore deploy all the necessary security measures to guarantee the availability, authenticity, integrity and confidentiality of personal data. What's more, in the event of a security breach or incident, they must take the necessary steps to restore availability and access to personal data as quickly as possible.

30 January 2018