Preparing for GDPR: Addressing the Right to Forget

Jason Reid cloud backup

GDPR Right to Forget Blog

The right to forget is one of the key components of GDPR. Do your backups allow for the straightforward deletion of specific identifying data?

The General Data Protection Regulation (GDPR) is coming sooner than you think. We’ve already published a blog around GDPR that gives you some areas to consider ahead of its implementation on 25th May 2018. But on a day-to-day level, what affect will GDPR have on your business? One of the key aspects of GDPR is the right to forget. In this blog post, we’ll take a look at how to make facilitating right to forget requests far more straightforward.

GDPR and the Right to Forget

A key aspect of GDPR is the right to forget. If an individual contacts your business asking for their personal data to be removed from your systems, you have a month (or two in some specific cases) to facilitate this request.

When it comes to your live systems, this will likely involve removing their details from your CRM system, marketing automation tool, finance package, and so on. But what about backups? GDPR requirements state that the right to forget includes backup data, not just the data found in live systems.

The right to forget introduces a problem for traditional tape backups: how do you delete only the individual’s data, without losing all of the other backup data found on the same tape? The answer is with great difficulty. By restoring the appropriate backup tape to a test system, replicating data across to the live system, deleting the records, and saving the data back to the tape, you can potentially avoid losing all of the tape data. But this method is extremely time consuming – imagine how long it will take to run through this operation every time you receive a right to forget request!

Fortunately, there is another way…

Targeted Data Removal

AssureStor’s backup2cloud enterprise platform, powered by Asigra, allows you to target and delete specific files from your backup archive. This makes the process of facilitating right to forget requests significantly easier for IT departments.

But what about when you need to remove hundreds of files, and not just a small handful? The backup2cloud enterprise platform offers a tool that allows you to delete any number of files, quickly and easily.

The backup2cloud enterprise platform is GDPR-ready. Offering security, encryption, data sovereignty, and the easy facilitation of right to forget requests, backup2cloud enterprise helps your business meet its GDPR requirements. Contact us to learn more, and to apply for a 30 day free trial.

This is the second in a three part blog series on preparing for GDPR. If you missed it, you can read part one here. The final blog, in which we will explore the advantages of using Asigra for GDPR compliance, will be published next week; be sure to check back then.