Re: [BackupPC-users] RGDP, is backuppc still usable for non hobby backups after may 25
On Sun, 25 Mar 2018, Ghislain Adnet wrote: Hi there, The RDGP or GDRP is a new law in Europe : https://en.wikipedia.org/wiki/General_Data_Protection_Regulation It is GDPR after all, but does not mather. Most people confuse this with encryption. But this is not about encryption. This is about the controlled access to the data. As long as you know users with right to restore backups and you have a log you should be fine. it state that; data MUST be protected from top to bottom, this include of course backup. In May 2018 all company in EU or using data about EU citizen will be subject to this law. From where i see it the GDPR force people to use encryption on all the data chain including the backup one. Also it add the right to 'forget' and some seems to include here that customer data should be removed from all the systems if required and that include backup. Of course for database i dont see how a backup system could erase line inside its dump files but for simple files we cannot say that. In backuppc i can manualy go erase a directory/file from all the backups so i should be covered here. This goes crazy, you often can not delete the user data for other legal reasons as you had a contract with the user that you have to store for some time to fullfil other regulations. Only a spectial care may be needed when restroing old data, but as you should remove user from your data including the note that you've deleted them, you can not know what user data you deleted, right? best regards, Ghislain. If you are a company, you should have at the first place the Data protection officer that will define the processes, rights and hierarchy to access the data, what really is a private user data in your structrues etc. He may or may not require you to implement the encryption. Adam Pribyl -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] RGDP, is backuppc still usable for non hobby backups after may 25
On Sun, 25 Mar 2018 14:46:18 +0200 Pelle Hanseswrote: > In my > discussions with lawyers, you should have some form of backup filters > so that the data requested deleted is not restored. For BackupPC you > probably have to write some scripts and store all documents names that > should not be restored in some file or database and run all restored > documents through the script. It would be using a canon to shoot a mosquito, not to mention the difficulties if the doc's date is changing for whatever reason. You'd better use a document manager that automatically delete documents at the right time and backup its data ;-) Jean-Yves -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] RGDP, is backuppc still usable for non hobby backups after may 25
Hi there, On Sun, 25 Mar 2018, Ghislain Adnet wrote: ... The problem lies more with encryption as backuppc, from what i know, cannot encrypt data it store ... It isn't a problem. Just encrypt the partition on which the backup resides. -- 73, Ged. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] RGDP, is backuppc still usable for non hobby backups after may 25
Hi, what I know there are no requirement for encryption of data, only data protection required. It is also not clear what goes for backups except that data should not be saved longer than necessary. Some documents, economic documents, have other laws that tell you how long they should be saved. In my discussions with lawyers, you should have some form of backup filters so that the data requested deleted is not restored. For BackupPC you probably have to write some scripts and store all documents names that should not be restored in some file or database and run all restored documents through the script. It is in some case almost impossible to delete files on backups such as data stored on DVD and tape. /Pelle Hanses On 2018-03-25 13:49, Ghislain Adnet wrote: Hi there, The RDGP or GDRP is a new law in Europe : https://en.wikipedia.org/wiki/General_Data_Protection_Regulation it state that; data MUST be protected from top to bottom, this include of course backup. In May 2018 all company in EU or using data about EU citizen will be subject to this law. From where i see it the GDPR force people to use encryption on all the data chain including the backup one. Also it add the right to 'forget' and some seems to include here that customer data should be removed from all the systems if required and that include backup. Of course for database i dont see how a backup system could erase line inside its dump files but for simple files we cannot say that. In backuppc i can manualy go erase a directory/file from all the backups so i should be covered here. The problem lies more with encryption as backuppc, from what i know, cannot encrypt data it store, it only can secure the transmit phase. Rsync or tar have no encryption sytem built so i wanted to know what the other users have in mind to survive the GDPR laws for their backups ? best regards, Ghislain. A report[27] by the European Union Agency for Network and Information Security elaborates on what needs to be done to achieve privacy and data protection by default. It specifies that encryption and decryption operations must be carried out locally, not by remote service, because both keys and data must remain in the power of the data owner if any privacy is to be achieved. The report specifies that outsourced data storage on remote clouds is practical and relatively safe if only the data owner, not the cloud service, holds the decryption keys. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/ -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
[BackupPC-users] RGDP, is backuppc still usable for non hobby backups after may 25
Hi there, The RDGP or GDRP is a new law in Europe : https://en.wikipedia.org/wiki/General_Data_Protection_Regulation it state that; data MUST be protected from top to bottom, this include of course backup. In May 2018 all company in EU or using data about EU citizen will be subject to this law. From where i see it the GDPR force people to use encryption on all the data chain including the backup one. Also it add the right to 'forget' and some seems to include here that customer data should be removed from all the systems if required and that include backup. Of course for database i dont see how a backup system could erase line inside its dump files but for simple files we cannot say that. In backuppc i can manualy go erase a directory/file from all the backups so i should be covered here. The problem lies more with encryption as backuppc, from what i know, cannot encrypt data it store, it only can secure the transmit phase. Rsync or tar have no encryption sytem built so i wanted to know what the other users have in mind to survive the GDPR laws for their backups ? best regards, Ghislain. A report[27] by the European Union Agency for Network and Information Security elaborates on what needs to be done to achieve privacy and data protection by default. It specifies that encryption and decryption operations must be carried out locally, not by remote service, because both keys and data must remain in the power of the data owner if any privacy is to be achieved. The report specifies that outsourced data storage on remote clouds is practical and relatively safe if only the data owner, not the cloud service, holds the decryption keys. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/