More like: your company (or government agency) is critical infrastructure or of a certain size, so there are obligations on how you maintain your records. It’s not like the US or other countries don’t have similar requirements.
[flagged]
> This is incredible. Government telling me how to back up my data. Incredible.
No more incredible than the government telling you that you need liability insurance in order to drive a car. Do you think that is justifiable?
Nope: The other way around. If you are of a certain size, you are required to ensure certain criteria. NIS-2 is the EU directive and it more or less maps to ISO27001 which includes risk management against physical catastrophes. https://www.openkritis.de/eu/eu-nis-2-germany.html
Of course you can do backups if you are smaller, or comply with such a standard if you so wish.
It feels like you are being obtuse/arguing in bad faith. Of course there are standards on backups. Most countries have them.
Let's think about what regulations the 'free market' bastion US has on computer systems and data storage...
HIPAA, PCI DSS, CIS, SOC, FIPS, FINRA...
(Without knowing the precise nature of these laws) I would expect that they don't forbid you to store backups elsewhere. It's just that they mandate that certain types of data be backed up in sufficiently secure and independent locations. If you want to have an additional backup (or backups of data not covered by the law) in a more convenient location, you still can.
> sufficiently secure and independent locations
This kind of provision requires enforcement and verification. Thus, a tech spec for the backup procedure. Knowing Germany well enough, I'd say that this tech spec would be detrimental for the actual safety of the backup.
wild speculation and conjecture
Certain data records need to be legally retained for certain amounts of time; other sensitive data (e.g. PII) have security requirements.
Why wouldn't government mandate storage requirements given the above?
No, it doesn’t. It does however need to follow the appropriate standards commensurate with your size and criticality. Feel free to exceed them.