Client demands deletion, but backup retains for 1 year
GDPR right to be forgotten does not directly conflict with backup retention if you have a process. Delete from production, expire from backup on next cycle.
Try this first
- 1Delete client data from production immediately
- 2Document in privacy log that backups expire on X date
- 3Restore procedure: re-delete that client right after any restore
- 4Communicate this policy in the privacy notice
When to bring us in
On a DPIA request or regulator complaint
See also
- We have backups but we do not know if they workA backup that cannot be restored is not a backup. Testing matters as much as taking the backup.
- Suspected ransomware: what to do RIGHT NOWThe first 30 minutes are critical. One wrong move spreads the damage. Read before acting.
- Someone accidentally deleted an important folderUsually fine to recover. The trick: do not save anything new on that drive until you know how.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.