Data retention and the Right to Erasure
Under the new regulations, individuals have more control over their personal data and can request data removal from an organisations systems, which you must comply with (unless any legal requirements apply) . This includes all current processing systems and archives and backups (including paper archives).
This can be a complex process, for example, you may have a tape backup from 2014, with a customer database stored on it. It may be important to keep that copy from that particular time, but removing (or anonymising) one record of personal information may be difficult, so you may be forced to destroy the whole backup or incur a fine.
To avoid situations such as this, businesses must review their data retention policies and must keep personal data for only as long as is legally necessary.
For more information on protecting your business from cyber security threats, advice on PCI and GDPR compliance and disaster recovery contact CloudSpark at email@example.com or call 01603 673160