
Backups
I still have not yet come across a clear, black and white statement regarding 'right to be forgotten' and backups. I have read many forums and it's sort of a grey area.
For example, if a person wishes to no longer be on the system of a client, in most cases thats easy, you delete them, but what is there a system image where that information is unable to be extracted without destroying the image. Or in terms of holding 6+ years of backups, what happens if I have the ability to delete a record and then the HMRC does an audit and find gaps in my invoicing.
From what I can gather an option is to encrypt the backup and keep the key safe, but surely that still doesn't comply because all your doing is restricting access, not actually deleting.
Or what if a person comes and buys a PC, then a week later demands I remove all information about him/her? How does that work in terms of sales, invoices, warranties?