![]() ![]() The watchdog recommends, for this purpose, to keep a log of deletions performed in the live system. If it is not technically possible to delete individual data in a backup, then the organization has to ensure that the concerned data that have been deleted from the production system are again removed in the event that a backup is restored to production. ![]() ![]() This may be the case when the backup consists of an uncompressed copy of a database that allows deletion to be performed in the same way as for the live system. The Danish supervisory authority issued guidance on data deletion (available in Danish) explaining that personal data must be deleted from backups where technically possible. But don’t panic! Enforcement authorities know how difficult it is to fulfil this obligation in practice. Organizations must delete the data in all its locations without undue delay. The text of the GDPR does not mention any exceptions for personal data contained in backups and, it does not recognize (as it does in the context of other rights 2) that a company may not have to honor an erasure request if compliance proves to be impossible or would involve a disproportionate effort. Then, depending on the number of archives containing personal data, the difficulty to restore an environment, and the kind of disaster recovery tool used, erasing all personal data in a backup system without scrapping the backup entirely may cost an organization thousands of dollars, and compliance with one request could be somebody’s full-time job.įor these reasons, it is crucial to clarify whether your organization is obliged to erase personal data from backup systems. Finally, deleting the individual’s personal data without affecting other (non-personal) data that does not have to be deleted is not always feasible because many backup products that allow searches within the backup cannot erase the individual’s data without deleting the whole file or record where the information is contained. Besides, many backup files are compressed and do not allow their contents to be searched or manipulated without restoring the whole backup, making finding and deleting information of a specific individual difficult. For instance, in read-only files, the deletion of any of the data could corrupt other information not associated with the user. Many companies keep database backups for disaster recovery purposes (this is an obligation under the GDPR 1), and the truth is that it is often not easy nor practical to remove a single record from the backups.ĭeleting a backup or manipulating the files therein can be a problem for the integrity of the backup as a whole. While it is clear that this erasure obligation covers personal data in production information systems, organizations may well wonder whether this obligation also requires them to delete personal data from backup systems and archives. Additionally, data controllers must erase personal data (i) when there is no longer a legal basis for processing such personal data (ii) as a result of a deletion deadline according to their data retention policies, or (iii) at the request of a supervisory authority ordering the controller to comply with a data subject’s right to erasure request. For example, when your organization has received a valid erasure request (known as the “right to be forgotten”) and no exemption under Article 17 of the GDPR applies. The GDPR requires organizations to delete personal data in certain circumstances. When does my organization have to delete personal data under the GDPR? ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |