And on the subject of backups, those are typically exempt but there are some obvious problems there when you restore a backup at a later time.
To me the big ticket items in the GDPR are the notification duty and the data processing agreement 'chain' that gives some level of certainty that the companies you deal with are going to take this serious.
The implementation details and all the moving bits and pieces are most likely not going to be the parts where the real tests will be in the first year or two.
https://news.ycombinator.com/item?id=16366864
There are some provisions for those situations.
And on the subject of backups, those are typically exempt but there are some obvious problems there when you restore a backup at a later time.
To me the big ticket items in the GDPR are the notification duty and the data processing agreement 'chain' that gives some level of certainty that the companies you deal with are going to take this serious.
The implementation details and all the moving bits and pieces are most likely not going to be the parts where the real tests will be in the first year or two.