by mikekchar 2956 days ago
I think the parent's reply is a good one. We could probably debate some of the finer points, but I think when we get some time to see how it all shakes out in the end we'll have a better vantage point.

But to answer your question about the right to erasure, here is the law: https://gdpr-info.eu/art-17-gdpr/

I can't find it right now (and I have to get back to work), but there is a reasonableness requirement for requests. So things like backups might be covered by that. I wish there was some direction on that because it's a problem for me at work as well.

My opinion is that the directive's view is that all personal data retention should be temporary. There should be a defined point where the personal data is deleted. Either that's when it's no longer necessary for the contract, or when you no longer have a legitimate interest in it, or when the user asks for the removal.

Up to this point, most of us have been building databases with the intent of retaining the information indefinitely. So we never thought about this. Although I'm a fan of this law, I admit that it's going to be troublesome transitioning from where we were to where we need to go.

And as the parent briefly stated, immutable databases are going to be a serious problem.

1 comments

I think the UK agency had some text on erasure and backups, and it basically boiled down to this:

If a data subject requests their data to be erased, you should remove their data from active systems so that it is no longer being processed, but you don't have to remove it from backups or other passive systems. You should however store some sort of marker so that if you need to restore data from backups, the data subject's data will be re-erased or otherwise stopped from entering active systems again.

And if a data subject asks, you have to tell them how long you store your backups of their personal data.

I think that's perfectly reasonable. And if your backup retention policy is "forever", now might be a good time to re-evaluate that policy.

Neither the UK nor the EU previously had any general provision for a right to erasure. At EU level, considerable waves were made when the "right to be forgotten" ruling was issued, but that came from a court that was considering a specific case.
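
The marker approach described in the reply above (erase from active systems, leave backups alone, re-erase on restore), as an added example that is not part of the thread. The table names, `MARKER_KEY` and the choice to store a keyed hash instead of the identifier itself are assumptions of this sketch, and the rows are constructed.

```python
import hashlib
import hmac
import sqlite3

# Assumption: secret stored outside the backed-up data (constructed value).
MARKER_KEY = b"example-key-not-for-production"


def marker(email: str) -> str:
    """Keyed hash of the subject id, so the marker list holds no clear-text email."""
    norm = email.strip().lower().encode()
    return hmac.new(MARKER_KEY, norm, hashlib.sha256).hexdigest()


def init(db):
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, name TEXT)")
    # Must survive a restore: keep it outside the backup set being restored.
    db.execute("CREATE TABLE erasure_markers (marker TEXT PRIMARY KEY)")


def erase_subject(db, email):
    """Erasure request: record the marker, then delete from the active table."""
    with db:
        db.execute("INSERT OR IGNORE INTO erasure_markers VALUES (?)", (marker(email),))
        db.execute("DELETE FROM users WHERE lower(email) = ?", (email.strip().lower(),))


def restore_from_backup(db, backup_rows):
    """Reload backup rows, skipping erased subjects. Returns (restored, skipped)."""
    erased = {m for (m,) in db.execute("SELECT marker FROM erasure_markers")}
    restored = skipped = 0
    with db:
        for email, name in backup_rows:
            if marker(email) in erased:
                skipped += 1
                continue
            db.execute("INSERT OR REPLACE INTO users VALUES (?, ?)", (email, name))
            restored += 1
    return restored, skipped


def demo():
    db = sqlite3.connect(":memory:")
    init(db)
    backup = [("alice@example.com", "Alice"), ("bob@example.com", "Bob")]  # constructed
    restore_from_backup(db, backup)          # initial state of the active system
    erase_subject(db, "Alice@Example.com")   # request arrives after the backup was taken
    db.execute("DELETE FROM users")          # simulate losing the active system
    return restore_from_backup(db, backup), db.execute("SELECT email FROM users").fetchall()
```

Logging the skipped count at restore time gives an audit trail showing that erased subjects did not re-enter the active system.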