Data protection is the set of processes and strategies that assure the privacy, availability, and integrity of your corporate data, including the personal data that your business collects or processes from clients. Also known as data security, these strategies encompass a variety of functions beyond the traditional “protection” concept.

To describe this collection of processes, the Enterprise Strategy Group developed what is known as the “data protection family tree.” This concept isn’t related to processing personal data regarding family history, genetic information, DNA testing, or other genealogical research protected under data protection laws such as GDPR or HIPAA.

Rather, the data protection family tree delves into each element of data protection individually, to assure proper security of data centers and compliance with data protection laws. It can be divided into two major subsets of data protection practices: data management and data availability.

Data Protection Branches: Data Management

Data management is the set of processes for entry, storage, organization, and maintenance of company information. This data protection sub-set comprises the discovery and compliance, archiving, and backup branches.

e-Discovery & Compliance

Data protection laws are fundamental for developing data management processes and strategies. Consequently, companies must be aware of the information they handle and the regulations they must follow.

E-discovery processes are the first step in an effective data compliance strategy. Classifying what kind of information is stored, processed, or shared, as well as the location of this data, allows an organization to determine the measures necessary for its protection.

Regulations such as the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and California Consumer Privacy Act (CCPA), require different sensitive information management processes. Companies must determine which regulations they need to comply with, to avoid unnecessary expenses and procedures.


Data archiving is the process of storing old and unused data. This process frees up space in data centers in a secure manner without eliminating the data in case it’s needed in the future. Some regulatory standards set record retention requirements. Each organization, however, decides for itself whether to archive data and where it should be preserved.


Data backup is the practice of copying information from a primary system or location to a secondary one, to protect that data from cyber-attacks, natural disasters, or accidents. This solution is vital today, with the increase in ransomware attacks and the rising threat of extreme weather.

Data Protection Branches: Data Availability

Organizations use data for everyday operations to offer products and services to their consumers. That means enterprises must keep their IT infrastructure operational even if the network is disrupted, to keep their data available for use. Data availability refers to the ability to have that guaranteed access to data.

A scenario where data is inaccessible can be extremely troublesome, since it can prevent delivery of service to customers and, in certain circumstances, causes a chain reaction that threatens other data as well. As a result, companies must take precautions to guarantee that mission-critical data is always available.


Backups are the only common element between the data management and data availability branches. Backups ensure data recovery and the protection of critical information to assure business continuity in the event of accidental or malicious damage.


Snapshots are a standard method for safeguarding data and systems. A storage snapshot in computer systems is the state of a system at a specific moment in time. Compared to a backup, they reduce both data traffic and the load necessary to make them.

When a storage snapshot is produced, it does not take up any space by default. It is just a copy of the metadata containing information about the data snapped, and is used to refer to historical data and changes.

One distinction between a snapshot and a backup is that the snapshot is kept in the same place as the original data. As a result, the snapshot will be destroyed or unavailable if the source data is lost or damaged.


Data replication is the process of continually copying data from a physical server, virtual server, or cloud instance (primary instance) to a secondary server or cloud instance (standby instance). Recovery time objectives (RTOs) and recovery point objectives (RPOs) are affected by how the data is duplicated.

Data replicas are also confused with backups. Data replicas continuously copy over previous versions. Backups are revision-controlled, so you can view a past version of your system data.


Strictly speaking, complete data availability brings together the rest of the processes and solutions to ensure operability and access to information when needed. Thus, processes for the recovery of data from backups as well as system operability fall into this category.

Disaster Recovery

Disaster recovery is the process an organization follows to regain access and functionality to its IT infrastructure following an event such as a natural disaster, a cyber assault, power outage, or any kind of business interruption. A disaster recovery plan includes roles, responsibilities, priorities, and detailed processes to get the company back to full operating capacity.

Business Continuity

Similar to disaster recovery, business continuity aims to reduce disruption to the organization’s operational flow and, ultimately, its profits. Business continuity plans, however, outline contingencies to keep the business running during a disaster.

Add ZenGRC to Your Data Protection Process

As businesses produce and consume ever-increasing volumes of data, they frequently struggle to use, store, archive, and discard it correctly. Unfortunately, manually managing the data lifecycle is impractical since it is inefficient, requires a lot of resources, and has significant security and compliance issues.

Automated data retention records management and backup systems are necessary to overcome these issues. This is where a complete platform such as ZenGRC provides the conveniences and features you need to fulfill legal and regulatory obligations.

With ZenGRC’s document repository, policies and procedures are revision-controlled and easy to find. Workflow management features offer easy tracking, automated reminders, and audit trails. The ZenConnect feature enables integration with popular tools, such as Jira, ServiceNow, and Slack, ensuring seamless adoption within your enterprise.

Schedule a demo to see how ZenGRC’s automated workflows, integrations, and customizations can benefit your business.