BACKUPS AND STORAGE LIMITATION

Date: 27 April 2018

In practice, the question often arises as to how long backups and backup copies may be kept and how to deal with them in the event of a request for erasure or a withdrawal of consent. The GDPR is silent on this and thus causes many headaches. From a technical point of view, the final erasure of data is only possible to a very limited extent, and companies fear problems of evidence and de facto legal disadvantages due to premature erasure. Meanwhile, further approaches have emerged which argue for a less strict approach towards erasure. However, a statement from the data protection authorities is still missing, so this remains a large, explosive grey area.

The clearest approach to the handling of backups is probably found in Sec 4 para 2 Austrian Data Protection Act 2018 ("DPA 2018"), which provides - beyond the GDPR - that the actually required rectification or erasure of data does not have to take place immediately if it "can only be carried out at certain times for economic or technical reasons". In this case, processing activities must be restricted until the next erasure/rectification date. As a result, the erasure is postponed and processing is temporarily restricted. Neither the DPA 2018 nor the GDPR specifies how exactly the restriction should be implemented.

The DORDA data protection experts assume that this - albeit very practical - restriction of the rights of data subjects contradicts the GDPR. After all, Articles 16 and 17 of the GDPR provide for "immediate" erasure or rectification. Nevertheless, Sec 4 para 2 DPA 2018 offers a valid basis for argumentation for the time being in order to at least postpone the erasure of personal data records in backups, which is hardly possible in practice.

Another argument for keeping data in backups may be that the data backup itself could be a separate processing purpose. After all, backup copies are mainly used for business continuity management. It can therefore be argued that backups do not need to be erased until they are no longer recoverable. In a sense, data backup becomes an end in itself. In the opinion of the DORDA data protection experts, however, this view cannot be brought into line with the GDPR in a legally secure manner either.

The DORDA data protection team therefore recommends a pragmatic middle way to get a grip on the subject of backups and to meet data protection requirements:

  1. Step 1: Erase the data in the production system that is affected by a withdrawal or erasure request or that is no longer required. This takes into account the elementary principles of storage limitation and data minimization.
  2. Step 2: Mark ("flag") the records still in the backup, so that a later reactivation can be excluded. In other words: The data records erased in the production system can still "sleep" in the backup, but it must be ensured that they are no longer actively used.
  3. Step 3: Identify and then erase the flagged data (and data already erased in the production system) during any backup import.
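
The three steps can be wired into a restore routine as in the following added example, which is not part of the original article. The SQLite schema, the table `erasure_ledger` and all function names are assumptions made for illustration; the ledger stands in for the "flag" and is kept outside the backup set, so that restoring an old backup cannot overwrite it.

```python
import sqlite3

def open_store():
    """In-memory stand-in for the production database (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT);
        -- The flag list: record keys only, never part of the restored data.
        CREATE TABLE erasure_ledger (customer_id INTEGER PRIMARY KEY,
                                     erased_on TEXT NOT NULL);
    """)
    return db

def erase_subject(db, customer_id, erased_on):
    """Steps 1 and 2: erase in production and flag the key for later restores."""
    with db:  # one transaction: the erase and the flag succeed or fail together
        db.execute("DELETE FROM customers WHERE id = ?", (customer_id,))
        db.execute("INSERT OR IGNORE INTO erasure_ledger VALUES (?, ?)",
                   (customer_id, erased_on))

def restore_backup(db, backup_rows):
    """Step 3: import a backup and purge flagged rows before anyone can read them."""
    with db:  # import and purge commit together, so flagged rows never go live
        db.execute("DELETE FROM customers")
        db.executemany("INSERT INTO customers VALUES (?, ?)", backup_rows)
        purged = db.execute(
            "DELETE FROM customers WHERE id IN "
            "(SELECT customer_id FROM erasure_ledger)").rowcount
    return purged  # number of 'sleeping' records removed during this import

def live_ids(db):
    """Keys currently present in production, for verification after a restore."""
    return [row[0] for row in db.execute("SELECT id FROM customers ORDER BY id")]

if __name__ == "__main__":
    # Constructed sample data: a backup taken before customer 2 asked for erasure.
    backup = [(1, "a@example.test"), (2, "b@example.test"), (3, "c@example.test")]
    db = open_store()
    restore_backup(db, backup)              # initial load, ledger still empty
    erase_subject(db, 2, "2018-04-27")      # erasure request arrives
    print("purged on restore:", restore_backup(db, backup))
    print("live ids:", live_ids(db))
```

Logging the returned purge count for each restore gives a record that flagged data was not reactivated.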

A residual uncertainty remains with this approach as well, but it already significantly reduces the actual risk. As a fallback, the argument that backup is an end in itself and the reference to Sec 4 para 2 DPA 2018 still remain available.