|
|
|
|
|
|
by bostik
2959 days ago
|
|
|
GDPR has the concept of backups and their expiration windows covered. I'll pick an example from my work. Data can be deleted from the active set, at which point it takes extra effort to retrieve it. (If you can't SELECT it anymore from the warm slaves, it's gone.) But as long as you can make a point-in-time-recovery from your backups, the data is still present in the inactive set. Using the inactive set requires, by definition, extra effort. So you need to state that fact in the data protection/retention policy, AND put reasonable technical enforcement mechanisms ("controls") in place to ensure that backups are expired and fully deleted after a given retention period. The older your unexpired backups get, the less valuable they should become. |
|
|