1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
1
GDPR is somewhat lenient in that regard. You don't necessarily need to remove data, but you do need to advise the customer what data may be retained in backups, and the retention policy on the backups. Also, a good move to have a mechanism in place to ensure if backups are restored, that the live data is removed/modified in accordance with GDPR requests.
"According to France’s GDPR supervisory authority, CNIL, organisations don’t have to delete backups when complying with the right to erasure.
Nonetheless, they must clearly explain to the data subject that backups will be kept for a specified length of time (outlined in your retention policy)."
répondu il y a 3 ans
Contenus pertinents
- demandé il y a 7 mois
- demandé il y a un an
- demandé il y a 7 mois
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans