backup-retention-erasure
Backup Retention and Erasure Management
Overview
Backup and archive systems present unique challenges for data retention and erasure compliance. Unlike primary systems where individual records can be selectively deleted, backup media typically stores data as monolithic sets that cannot be surgically modified without restoration. When a data subject exercises the right to erasure under GDPR Article 17 or when a retention period expires, the organization must address personal data residing in backups. The technical infeasibility of granular deletion from backups is a recognized limitation, but it does not exempt organizations from their obligations — it requires documented interim measures and eventual deletion through backup rotation or restore-and-delete procedures. This skill provides the operational framework for managing backup data under retention and erasure obligations.
Legal Context
GDPR Recital 66 — Erasure in Online Environments
The right to erasure should extend to cases where the controller has made the personal data public — the controller should take reasonable steps to inform other controllers processing the data. In the backup context, this principle requires that erasure obligations extend to backup copies even when immediate deletion is technically infeasible.
GDPR Article 17(1) — Right to Erasure
The controller shall erase personal data "without undue delay." The EDPB and national DPAs have acknowledged that backup systems may require a longer timeframe, but have not granted an indefinite exception. The expectation is that backup deletion occurs within the next backup rotation cycle.