GDPR And Tape: The Elephant In The Room Is Ransomware

With the GDPR deadline fast approaching, the end for tape is being predicted (again), according to the following catastrophic scenario. It’s Monday, and your manager asks you to delete someone’s personal data from your backup copies because the data protection officer received an email asking the company to follow the “right to be forgotten.” So, you start figuring out where to find the data—but how can you delete a single file in a tape? You can’t. You’ll need to wipe the entire tape. Should you restore everything? Delete the personal information and backup the remaining data again? Sounds complex. Now imagine that this happens many times per day because of this new regulation—the GDPR. Kind of scary, right?

But let’s imagine another scenario. It’s Sunday morning and you find that part of your systems have been encrypted by a ransomware attack. You decide to use your backups…until you discover the criminals encrypted your backups first. Now imagine that you have replicated your backups over the weekend, so your DR copies are also encrypted. No plan B, no plan C. Last but not least, it’s June 2018, and you need to comply with the GDPR—and you just failed to protect someone’s personal data.

Read why Stéphane Estevez, WW Backup & DR Product Marketing Manager at Quantum, thinks that tape is compatible with the GDPR and the best solution to protect data against ransomware attacks on Information Security Buzz.