zlacker

[return to "GDPR: Don't Panic"]
1. mbruml+ns[view] [source] 2018-05-18 13:29:18
>>grabeh+(OP)
I can tell you that GDPR is going to cause issues with block based backups. Many hosting providers don't separate customers on different block devices. When you back up a block device you have snapshots that have many different organizations data on them.

Part of making good backups is knowing that the backup can't change. The only solution now is to add paths to go back and modify those backups to remove customer data when asked too.

That is my plight anyways.

◧◩
2. icedch+ax[view] [source] 2018-05-18 14:04:48
>>mbruml+ns
The solution is to keep a list of "things to exclude" if a backup is ever restored. This is reasonable. Rewriting old backups is not reasonable.
◧◩◪
3. badwol+td1[view] [source] 2018-05-18 19:15:59
>>icedch+ax
Would such a list not by nature consist of PII?
◧◩◪◨
4. icedch+pe1[view] [source] 2018-05-18 19:23:53
>>badwol+td1
Not necessarily. It might consist of user IDs (integers, UUIDs) or hashed values of something that can be mapped to the user...
◧◩◪◨⬒
5. badwol+WA1[view] [source] 2018-05-18 23:01:16
>>icedch+pe1
User ID's are considered PII though. If it can be mapped to the user, it's by definition identifying information
◧◩◪◨⬒⬓
6. icedch+pE1[view] [source] 2018-05-18 23:58:55
>>badwol+WA1
Identifiers that have no meaning outside of your system are not PII.
[go to top]