There continues to be a great deal of confusion surrounding the requirements of the General Data Protection Regulation (GDPR). To help address the confusion, Bryan Cave has published a multi-part series that discusses the questions that most frequently are asked by clients. The GDPR is unclear on the “Right to Be Forgotten,” regarding the removal of personal data from backup systems. Because most companies keep backups of their information for disaster recovery purposes, some level of information is still available. Where a disaster recovery system involves a mirror of the live environment, it may be theoretically easier to delete information about a single person, however, the challenges may still be substantial.
GDPR: The Most Frequently Asked Questions: When Honoring a “Right to Be Forgotten” Request Do I Have to Delete Personal Data from Backup Systems?
Full Fusion