Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

RDS Backup and GDPR

0

A customer asked if there is any simple way to comply with a GDPR request to remove client data when they have RDS Backups that may contain that customer data.

Is there a simple way to remove the data from the backups vs having to load a backup into RDS and remove the data and then retake the backup? Do they even need to do this for GDPR? Any other compliance that this might come into play with?

Themen
Migration und ModernisierungAnalysenDatenbank
Tags
Amazon Relational Database Service
Sprache
English
AWS
Steven_W
gefragt vor 3 Jahren541 Aufrufe
1 Antwort
1
Akzeptierte Antwort

GDPR is somewhat lenient in that regard. You don't necessarily need to remove data, but you do need to advise the customer what data may be retained in backups, and the retention policy on the backups. Also, a good move to have a mechanism in place to ensure if backups are restored, that the live data is removed/modified in accordance with GDPR requests.

An example from: https://www.itgovernance.eu/blog/en/the-gdpr-how-the-right-to-be-forgotten-affects-backups-2#:~:text=According%20to%20France's%20GDPR%20supervisory,outlined%20in%20your%20retention%20policy).

"According to France’s GDPR supervisory authority, CNIL, organisations don’t have to delete backups when complying with the right to erasure.

Nonetheless, they must clearly explain to the data subject that backups will be kept for a specified length of time (outlined in your retention policy)."

AWS
Greg_H
beantwortet vor 3 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt