Backups and the right to be forgotten in the GDPR: An uneasy relationship |
| |
| Authors: | Eugenia Politou Alexandra Michota Efthimios Alepis Matthias Pocs Constantinos Patsakis |
| |
| Institution: | 1. Department of Informatics, University of Piraeus, Greece;2. Department of Digital Systems, University of Piraeus, Greece;3. Stelar Security Technology Law Research, Germany |
| |
| Abstract: | The recent enforcement of the GDPR has put extra burdens to data controllers operating within the EU. Beyond other challenges, the exercise of the Right to be Forgotten by individuals who request erasure of their personal information has also become a thorny issue when applied to backups and archives. In this paper, we discuss the GDPR forgetting requirements in respect with their impact on the backup and archiving procedures stipulated by the modern security standards. We specifically examine the implications of erasure requests on current IT backup systems and we highlight a number of envisaged organizational, business and technical challenges pertained to the widely known backup standards, data retention policies, backup mediums, search services, and ERP systems. |
| |
| Keywords: | GDPR Backup Right to be Forgotten |
| 本文献已被 ScienceDirect 等数据库收录! |
|
