|
|
|
|
|
|
by colonelxc
1518 days ago
|
|
|
It's generally not required to 'permanently delete instantly' (this includes GDPR). So you take a backup every day, and delete backups after 30 days (or whatever amount of time you need to for compliance). When somebody says 'delete this permanently', you do, from your primary data store. Then after 30 days, not even the backups will have anything. You can also get fancy with more than one stage (soft delete, hard delete, then backup purge), as long as the whole pipeline is done within the compliance window. Of course, the trickiest part of all of this is knowing where all data can proliferate, and making sure it doesn't (don't let people download data to their machines, don't let people create a 'copy of prod' that sticks around outside or retention. |
|
|