Mainframe Blog

GDPR – Some Data Recovery Implications

Phil Grainger
3 minute read
Phil Grainger

GDPR will be here before we realize it, so let’s look at ways that BMC Software’s Recovery Solutions for Db2 and IMS help you not only comply with GDPR, but also help to ensure that your business stays out of the news for all the wrong reasons.

The regulations say that companies must be able to:

…. restore the availability and access to personal data in a timely manner in the event of a physical or technical incident


  • The restoration of data and access to it must be completed in a “timely” manner. Timely is not specifically defined, but you can read as meaning “as quickly as technically possible.”
  • The data must be recoverable after ANY physical OR technical incident.

Many companies believe that their disaster recovery plan with disk mirroring will suffice, but it’s likely to be insufficient for a couple of reasons:

  • Any changes made to the original data will immediately be reflected in a change at the mirror. So, any accidental (or worse, malicious) deletion or update of data will itself be mirrored, and the mirror backup then becomes useless as a recovery mechanism. If this is your ONLY backup, then you may not be able to recover the data at all.
  • A catastrophic data loss of the kind that mirroring is ideally placed to protect is by far the least likely event to occur. Human error, sabotage, or plain stupidity are all far more likely to be the source of your data recovery challenges. These will require a LOCAL recovery (or correction) of the data – and a mirrored device strategy is NOT the best choice here.

To fully comply with GDPR’s insistence on timely recovery from any eventuality, companies will need to have flexible recovery plans in order to react to any data corruption/loss event.

Remember, experience (and other people’s misfortune) show us that your recovery challenge is likely to arise due to a COMBINATION of events leading to data loss or corruption. A combination of events makes it impossible to plan a recovery technique in advance. A software recovery solution is your best choice as only a software-based strategy can give you total flexibility AND the ability to refine the strategy should you ever have to perform a recovery for real.

BMC provides the fastest utilities available for both securing backups and performing data recoveries, the latter ensuring that your company complies with the “timeliness” directive of GDPR. Your own auditors will define what “timely” means for your company, but you are going to need to restore access to the data as fast as possible.

BMC has you covered with:

  • A software-based recovery solution enabling data to be recovered no matter what the originating incident(s)
  • Creation of all the steps necessary to perform that recovery, eliminating the “think” time that will slow down recovery efforts
  • The fastest recovery tools on the market for both Db2 and IMS

Remember, GDPR comes with sanctions. Failure to comply with GDPR can ultimately result in a fine of up to 4% of annual GLOBAL REVENUE or €20 MILLION whichever is the HIGHER (and at today’s exchange rates, that latter figure is a little over $22 million!).

Next time, I will look at the GDPR requirement to continually demonstrate compliance with data availability and recoverability. Continued testing and validation must be performed to ensure that changes do not compromise compliance. Of course, it goes without saying that BMC has your back there as well.

In the meantime, for those of you who are impatient to get started, please visit the GDPR pages on the BMC website at

Dummies Guide to Security Operations

When security and operations teams collaborate closely, they can protect your business more effectively against all kinds of threats. Learn more in the SecOps For Dummies guide.

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

See an error or have a suggestion? Please let us know by emailing

BMC Bring the A-Game

From core to cloud to edge, BMC delivers the software and services that enable nearly 10,000 global customers, including 84% of the Forbes Global 100, to thrive in their ongoing evolution to an Autonomous Digital Enterprise.
Learn more about BMC ›

About the author

Phil Grainger

Phil Grainger

Phil has 30 years experience of Db2, starting work long ago in 1987 with Db2 Version 1.2. Since then he has worked with all versions, including Db2 12.

From his beginnings as a Db2 DBA for one of the largest users of Db2 at that time in the UK, through his time at PLATINUM technology, his almost 10 years as Senior Principal Product Manager at CA and through to his current position with BMC Software, Phil has always been a keen supporter of user groups and is a regular speaker at both vendor sponsored and independent events. His work with IDUG includes being a past member of the European IDUG Planning Committee, an inductee into the IDUG Volunteer Hall of Fame and now Board Liaison for BMC Software

Phil has been honoured by IBM as an Analytics Champion from 2009 to 2017

Phil is now Lead Product Manager at BMC Software working in support of their Db2 tools portfolio

In addition, Phil is a regular contributor to the IDUG sponsored
Db2-L discussion list