by twobat 2420 days ago
GDPR as applied is a joke. At one of the places I work they keep talking about "we can't back up this data anymore because it has personal info".

That's not enforcement, that's misreading...
Not really - you need a way to scrub user data on demand from backups and they should also have limited duration.
You do not require a way to “scrub user data on demand from backups”. This is just untrue; please don’t spread it.
What are you talking about? Part of GDPR is deleting personal data on demand.
You have misunderstood the requirements of the GDPR. CNIL, for example, has made it explicitly clear that so long as an effective retention policy is in place then PII does not need to be removed from backups on demand.
If by that you mean backups need to be deleted after a certain period then it's effectively the same thing.
Well that's just a crock. You simply have to have a policy that says how long you retain backups for, and what you would do if you needed to delete PI if required to do so under GDPR.

It's not rocket science!