To determine the security measures for the backups, you have to establish the confidentiality level of the data. This means clarifying whether certain data have to be, for example,
- backed up separately
- encrypted with a special password
- subject to special rules if kept off-site
As a business, you are also legally obliged to store certain documents for a particular time period. If these documents are lost, there are legal consequences. In both instances, a well-considered customized backup/archive concept will help.
Advice: Personal data must not fall into the wrong hands. This is why backups that are kept off-site have to be encrypted.