General Data Protection Regulation (GDPR)

Availability for the Always-On Enterprise

Re: General Data Protection Regulation (GDPR)

Veeam Logoby CarlMcDade » Tue May 09, 2017 3:10 pm

Very interesting thread, looking forward to hearing the outcome of this has i too have heard both sides of the story

Cheers
mail@carlmcdade.com
http://twitter.com/CarlMcDade
http://www.carlmcdade.com
CarlMcDade
Service Provider
 
Posts: 60
Liked: 20 times
Joined: Mon Jul 08, 2013 1:47 pm
Location: Leeds, UK
Full Name: Carl McDade

Re: General Data Protection Regulation (GDPR)

Veeam Logoby Mike Resseler » Tue May 09, 2017 5:37 pm 1 person likes this post

We are still investigating and a lot of research is being done from our side. I hope to have a definitive statement soon. But one thing is already very clear:

There is no certification and certified GDPR software does not exist. Software can assist a company in becoming compliant (it can deliver reports/ data to prove certain areas in the legislation). In our case, Veeam ONE can already deliver quite some information that your DPO (Data Protection Officer) can use.

More to come after a couple more meetings with different parties :-)
Mike Resseler
Veeam Software
 
Posts: 4134
Liked: 450 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

Re: General Data Protection Regulation (GDPR)

Veeam Logoby CarlMcDade » Wed May 10, 2017 9:35 am

Thanks Mike!
mail@carlmcdade.com
http://twitter.com/CarlMcDade
http://www.carlmcdade.com
CarlMcDade
Service Provider
 
Posts: 60
Liked: 20 times
Joined: Mon Jul 08, 2013 1:47 pm
Location: Leeds, UK
Full Name: Carl McDade

Re: General Data Protection Regulation (GDPR)

Veeam Logoby JLundgren » Sun Oct 08, 2017 8:20 pm

Hello,

Do you have any updated news concerning this topic ?

When listening to lawyers i Sweden, they state that GDPR also includes backup/archive data.
However, no individual can claim the removal of specific information in backed up data files, as long as the reason why the information was stored in the first place, still exist.

This question also interests me when comparing O365 backup solutions.
For instance, Skykick backup storing mailboxes, OneDrive and Sharepoint in Azure with, as I understand it, limitations concerning customer or SP control of the backed up data.

How far have you come in your investigations ?

Regards,

JohnnyL
JLundgren
Service Provider
 
Posts: 50
Liked: 2 times
Joined: Fri Nov 13, 2015 10:00 am
Full Name: Johnny Lundgren

Re: General Data Protection Regulation (GDPR)

Veeam Logoby Mike Resseler » Mon Oct 09, 2017 5:44 am

Hi Johhny,

The statement around the possibility of removing data from backup/ archive will probably remain open until after the first (major) lawsuit. Some lawyers say it needs to get removed, others say absolutely not as long as... (and you stated that yourself).

For O365, I believe the same applies. A user can ask to be removed (or needs to be removed) so at that moment, you delete the user from production but you can keep the user in backup/ archive for x amount of time (that x will apply to a retention time that applies to another law.) but you cannot "recover" the user back into production. So you need to export the data (to a PST for example) in case it is needed in a legal case
Mike Resseler
Veeam Software
 
Posts: 4134
Liked: 450 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

[MERGED] Delete files and folders

Veeam Logoby AzetsDK » Mon Nov 20, 2017 11:27 am

I understand that in the current version, there are no easy ways to delete files and folders from backups.

Is this something you have in the roadmap? It seems essential to be able to be GDPR compliant by May 2018.

Rgds,

Lars
AzetsDK
Lurker
 
Posts: 1
Liked: never
Joined: Mon Nov 20, 2017 11:21 am
Full Name: Lars Munk-Bierre

Re: General Data Protection Regulation (GDPR)

Veeam Logoby foggy » Tue Nov 21, 2017 3:58 pm

Hi Lars, please review this thread for some information regarding your request.
foggy
Veeam Software
 
Posts: 16008
Liked: 1223 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: General Data Protection Regulation (GDPR)

Veeam Logoby paul_parkes » Thu Dec 28, 2017 4:16 pm 1 person likes this post

GDPR - Article 17 gives the data subject the Right to erasure (‘right to be forgotten’).
Paragraph 1, sets out the right, along with the valid reasons to request removal. (They are limited)
Paragraph 2, states that where the data is in the public domain, the controller should take "reasonable" steps to inform other data controllers of the request.
Paragraph 3, states the reasons the request for removal can be turned down. (Paragraph 1 and 2 shall not apply)
    Section (b) states "for compliance with a legal obligation ..."
    Section (e) states "for the establishment, exercise or defence of legal claims".
The biggest impact of the GDPR is that "You should know your data and your processes" and "You should keep the data safe"

GDPR requires you to have a valid reason for keeping and processing data.
If you don't have a valid reason to keep and process data, why are you?
paul_parkes
Lurker
 
Posts: 2
Liked: 3 times
Joined: Fri May 11, 2012 10:54 am
Full Name: Paul Parkes

Re: General Data Protection Regulation (GDPR)

Veeam Logoby Mike Resseler » Tue Jan 02, 2018 6:16 am

Paul,
Absolutely correct. The right to be forgotten is not absolute. And even in the case that it is a valid request, it still doesn't mean you need to delete it from your backups. Besides GDPR there is still other laws depending on country, vertical... And after x amount of time, let your backups retire or get deleted automatically. I think I am going to steal your one-line by the way... Your last line is spot-on! ;-)
Mike Resseler
Veeam Software
 
Posts: 4134
Liked: 450 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

[MERGED] Feature Request - Remove individuals data from a Ba

Veeam Logoby Davejonesuk » Thu Mar 01, 2018 12:00 pm

With the EU/UK introducing GDPR May 2018 an individual has the right to have all data about that person removed from an organisation including backups. Although this should be a very rare occurrence (if ever) for us as we are a UK school. I wondered if veeam had thought about this and the ability to remove an individuals data from a backup(s) leaving the rest of the backup intact? And whether although not possible now, would be possible in future releases of the software. I think this might have been asked before but not as a part of these new regulations.
Davejonesuk
Lurker
 
Posts: 1
Liked: never
Joined: Tue Jun 23, 2015 8:58 am
Full Name: Dave Jones

Re: General Data Protection Regulation (GDPR)

Veeam Logoby PTide » Thu Mar 01, 2018 12:27 pm

Hi Dave, and welcome to the community!

It seems that the subject is already being discussed in this thread, please take a look.

Thanks
PTide
Veeam Software
 
Posts: 3707
Liked: 308 times
Joined: Tue May 19, 2015 1:46 pm

[MERGED] Data Retention Policies and Veeam Backups

Veeam Logoby Zew » Tue Mar 06, 2018 4:37 pm

I've been meaning to talk about this one for a good while but always forgot to make the post.

We are currently going through a file audit at my work, this includes file shares and of course SharePoint. We have been working very hard over the last couple years to ensure that most files are getting their final resting place within SharePoint. As well as working hard to get files that are in progress to be used on Sharepoint as well to utilize versioning, monitoring files changes, access control, all the fun governance stuff that comes with it.

Anyway. So now comes the time we found some files that need to be deleted.

Is there anyway to push this file deleting to old backups to ensure that it can 100% not be recovered?

I know generally Backup and Restore is there to always ensure recovery, but sometimes people don't want to be able to recover a file, ever.
Zew
Expert
 
Posts: 206
Liked: 42 times
Joined: Tue Mar 17, 2015 9:50 pm
Full Name: Aemilianus Kehler

Re: General Data Protection Regulation (GDPR)

Veeam Logoby foggy » Tue Mar 06, 2018 4:59 pm

You request looks similar to the ones discussed in this thread.
foggy
Veeam Software
 
Posts: 16008
Liked: 1223 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

[MERGED] GDPR - Will Backup Files be editable?

Veeam Logoby mweber972 » Wed Mar 07, 2018 12:52 pm

Hello,

I was referred by Veeam support, to ask my question here in the Forum.
We need a statement about "GDPR - Will Backup Files be editable?"
According to the EU data directive, this must be possible when it comes to personal data.
Although I have found articles in this forum, but no reliable statement.

Here is the mail of the support in german (original) an in english:

"Sehr geehrter Herr xxx,
Wir bedanken uns bei Ihnen für Ihren Anruf bei Veeam Software – Tech Support.
Um eine Antwort zu der "GDPR / Backup to be editable at file level" Thematik zu bekommen, empfehlen wir Ihnen die Frage via den Foren (https://forums.veeam.com ) zu stellen – dort wird die von den Kollegen von Product Management beantwortet.
Falls Sie Fragen haben, stehe ich Ihnen gerne als Ansprechpartner zur Verfügung."


"Dear Mr. xxx,
We thank you for calling Veeam Software - Tech Support.
In order to get an answer to the GDPR / Backup to be editable at file level topic, we recommend that you post the question via the forums (https://forums.veeam.com) - there the answers will be answered by the colleagues of Product Management ,
If you have any questions, I am happy to be your contact person. "


So please get in touch with someone from Product Management. Preferably in German!

greetings
mweber972
Lurker
 
Posts: 1
Liked: never
Joined: Tue Mar 06, 2018 7:38 am
Full Name: Michael Weber

Re: General Data Protection Regulation (GDPR)

Veeam Logoby Mike Resseler » Tue Mar 13, 2018 8:55 am

Hi All,

First, it is rather important to realize that you are not required to delete files from a backup. I am aware some people say that, but it is not correct. It would be too easy to start doing fraud if that would be allowed :-)

There are however, a few things to keep in mind. When you delete data (right to be forgotten) from the production server because of a request, you cannot restore it afterwards. Which means you need to keep track of what data is deleted.

The right to be forgotten is something that gets a lot of attention (unfortunately) because it is a minor item in the entire legislation. (There are many more items such as protection by design and by default, reporting and so on). The idea around the right to be forgotten is more around the fact that you can opt-out (in case of marketing for example), remove data (in case of facebook or other social media type of services) or similar. For example, some people claim that you can use that right to delete your name from news articles (in case you have done something which you don't want to be seen public) but that won't work. The right to be forgotten is NOT absolute.

I would advice you to watch this: https://www.veeam.com/videos/general-da ... 11236.html
I did this presentation a few weeks ago and it should give you much more information. Afterwards, obviously feel free to ask me questions again :-)

Cheers
Mike
Mike Resseler
Veeam Software
 
Posts: 4134
Liked: 450 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

PreviousNext

Return to Veeam Backup & Replication



Who is online

Users browsing this forum: No registered users and 1 guest