Backups and the right to be forgotten in the GDPR: An uneasy relationship

The recent enforcement of the GDPR has put extra burdens to data controllers operating within the EU. Beyond other challenges, the exercise of the Right to be Forgotten by individuals who request erasure of their personal information has also become a thorny issue when applied to backups and archive...

Full description

Saved in:
Bibliographic Details
Published in:The computer law and security report 2018-12, Vol.34 (6), p.1247-1257
Main Authors: Politou, Eugenia, Michota, Alexandra, Alepis, Efthimios, Pocs, Matthias, Patsakis, Constantinos
Format: Article
Language:English
Subjects:
Backup
GDPR
Right to be Forgotten
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The recent enforcement of the GDPR has put extra burdens to data controllers operating within the EU. Beyond other challenges, the exercise of the Right to be Forgotten by individuals who request erasure of their personal information has also become a thorny issue when applied to backups and archives. In this paper, we discuss the GDPR forgetting requirements in respect with their impact on the backup and archiving procedures stipulated by the modern security standards. We specifically examine the implications of erasure requests on current IT backup systems and we highlight a number of envisaged organizational, business and technical challenges pertained to the widely known backup standards, data retention policies, backup mediums, search services, and ERP systems.
ISSN:2212-473X
2212-4748
DOI:10.1016/j.clsr.2018.08.006