Common use of Backup Archives and Recovery Clause in Contracts

Backup Archives and Recovery. Personal Data may reside in backup archives that must be retained for a longer period of time, either because it is impractical to isolate individual personal data within the archive, or because the controller is required to retain data longer for contractual, legal or compliance reasons. The individual can be assured that their personal data will not be restored back to production systems (except in certain rare instances, e.g., the need to recover from a natural disaster or serious security breach). In such cases, the user’s personal data may be restored from backups, but the Customer will need to take the necessary steps to honour the initial request and erase the primary instance of the data again. Retention rules have been put in place so that personal data in backup archives is retained for as short a time as necessary before being deleted. Records of all data subject requests regarding their personal data will be retained, as will audit logs that record all activities on backup archives containing Personal Data. This means that the user can be confident that their Personal Data has been backed up in accordance with GDPR principles of security by design and by default, as well as data minimisation, and that their rights, including the right to be forgotten, have been honoured.

Backup Archives and Recovery. Personal Data may reside in backup archives that must be retained for a longer period of time, either because it is impractical to isolate individual personal data within the archive, or because the controller is required to retain data longer for contractual, legal or compliance reasons. The individual can be assured that their personal data will not be restored back to production systems (except in certain rare instances, e.g., the need to recover from a natural disaster or serious security breach). In such cases, the user’s personal data may be restored from backups, but the Customer will need to take the necessary steps to honour the initial request and erase the primary instance of the data again. Retention rules have been put in place so that personal data in backup archives is retained for as short a time as necessary before being deleted. Records of all data subject requests regarding their personal data will be retained, as will audit logs that record all activities on backup archives containing Personal Data. This means that the user can be confident that their Personal Data has been backed up in accordance with GDPR tfDPR principles of security by design and by default, as well as data minimisation, and that their rights, including the right to be forgotten, have been honoured.