Hacker News new | past | comments | ask | show | jobs | submit login

The general recommendation is that if it's too difficult to purge specific users from your backups then:

* Have a clear data retention policy and make sure that all backups have an expiration date.

* Secure your backups with strong encryption to protect user data in the event of a leak.

* Explain it to the user when the account is deleted when the deletion will filter through your backups.

* Guarantee that if a restore is needed, their data will be immediately deleted from the restored system.




How do you keep track of what info needs to be deleted on restore without violating GDPR?


Save "on restore, delete all data sets pertaining to user id 47263".


You should be able to record the deletion request for the life of the backup and purge those records once the backups are deleted (all tied to the same rolling dates)




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: