Hi,
as far as I know there is no requirement for encryption of data; only
data protection is required.
It is also not clear what goes for backups, except that data should not
be saved longer than necessary. Some documents, such as economic
documents, have other laws that tell you how long they should be saved.
In my discussions with lawyers, you should have some form of backup
filter so that data requested to be deleted is not restored. For
BackupPC you probably have to write some scripts, store the names of all
documents that should not be restored in some file or database, and run
all restored documents through the script.
In some cases it is almost impossible to delete files on backups, such
as data stored on DVD and tape.
/Pelle Hanses
On 2018-03-25 13:49, Ghislain Adnet wrote:
Hi there,
The RGPD or GDPR is a new law in Europe:
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
It states that data MUST be protected from top to bottom; this of
course includes backups. In May 2018 all companies in the EU or using
data about EU citizens will be subject to this law. From where I see it
the GDPR forces people to use encryption on the whole data chain,
including the backup one.
It also adds the right to 'forget', and some seem to include here that
customer data should be removed from all the systems if required, and
that includes backups. Of course for databases I don't see how a backup
system could erase lines inside its dump files, but for simple files we
cannot say that. In BackupPC I can manually go erase a directory/file
from all the backups, so I should be covered here.
The problem lies more with encryption, as BackupPC, from what I know,
cannot encrypt the data it stores; it can only secure the transmit phase.
Rsync or tar have no encryption system built in, so I wanted to know what
the other users have in mind to survive the GDPR laws for their backups?
best regards,
Ghislain.
A report[27] by the European Union Agency for Network and Information
Security elaborates on what needs to be done to achieve privacy and
data protection by default. It specifies that encryption and
decryption operations must be carried out locally, not by remote
service, because both keys and data must remain in the power of the
data owner if any privacy is to be achieved. The report specifies that
outsourced data storage on remote clouds is practical and relatively
safe if only the data owner, not the cloud service, holds the
decryption keys.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
BackupPC-users mailing list
[email protected]
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
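
The restore filter Pelle Hanses describes above (a stored list of document names that must not come back, applied to everything restored), as an added example that is not part of the original thread or of BackupPC. It assumes the restore is first written to a staging directory; the file name `erased.txt`, the one-path-per-line format, the function names and all sample paths are constructed for illustration.

```python
import os
import posixpath
import tempfile
from pathlib import Path, PurePosixPath


def load_denylist(path):
    """Assumed format: one erased path per line, relative to the backup root; '#' is a comment."""
    entries = set()
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            # Normalise so "/home/a/../a/x" and "home/a/x" compare equal.
            norm = posixpath.normpath("/" + line.lstrip("/"))
            entries.add(PurePosixPath(norm).relative_to("/"))
    return entries - {PurePosixPath(".")}  # a bare "/" must never match the whole tree


def filter_restore(staging_dir, denylist_path):
    """Delete denylisted files from a restore staging tree; return the removed paths."""
    staging, denylist, removed = Path(staging_dir), load_denylist(denylist_path), []
    for root, dirs, files in os.walk(staging, followlinks=False):  # stay inside the tree
        links = [d for d in dirs if (Path(root) / d).is_symlink()]
        for name in files + links:
            full = Path(root) / name
            rel = PurePosixPath(full.relative_to(staging).as_posix())
            # Match the entry itself or any denylisted parent directory.
            if rel in denylist or any(p in denylist for p in rel.parents):
                full.unlink()
                removed.append(str(rel))
    return sorted(removed)


def demo():
    """Constructed sample data: a restored tree, two erasure entries, one file that stays."""
    with tempfile.TemporaryDirectory() as tmp:
        staging, deny = Path(tmp, "restore"), Path(tmp, "erased.txt")
        for rel in ("home/anna/cv.pdf", "home/anna/mail/inbox",
                    "home/bo/notes.txt", "srv/crm/customer_1042.json"):
            (staging / rel).parent.mkdir(parents=True, exist_ok=True)
            (staging / rel).write_text("sample")
        deny.write_text("# erasure list\n/home/anna/\nsrv/crm/../crm/customer_1042.json\n/\n")
        removed = filter_restore(staging, deny)
        kept = sorted(p.relative_to(staging).as_posix() for p in staging.rglob("*") if p.is_file())
        return removed, kept


if __name__ == "__main__":
    print(demo())
```

The returned list of removed paths can be logged as evidence that an erasure request was honoured on restore; empty directories left behind are not pruned.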