Magazine
Data backup: this is how the law sees it
![]() When considering the legal aspects of data backup, two key questions arise: What are you permitted to do, and what are you required to do? As long as your data remains within your organization, you may back up all data that has been stored in compliance with legal requirements. However, challenges can occur if data is backed up or archived externally. In particular, when personal data of customers or employees is involved, this constitutes a transfer of data to third parties. This is generally not problematic, provided that such transfers are explicitly covered in the relevant consent declarations.
What needs to be backed up? Principles of Data Access and Verifiability of Digital Documents In Germany, all documents related to taxation are subject to the Principles of Data Access and Verifiability of Digital Documents (GDPdU). This is a binding administrative directive issued by the Federal Ministry of Finance, and no company operating in Germany can afford to ignore it. The core requirement is that a tax auditor must be granted read access to all tax-relevant digital documents at any time upon request. This goes far beyond simply storing backup tapes in a basement; it requires that backup archives from previous years are accessible at all times. In practice, it is unlikely that any company fully complies with the GDPdU, as “tax-relevant digital documents” also include, for example, all internal emails related to tax-relevant transactions. It is virtually impossible for any organization to filter out every email sent years ago that might reference a specific transaction. Nevertheless, it is essential to observe the strict requirements of the GDPdU for all documents that are typically relevant in the context of a tax audit. Look it up further: Data backup Related articlesWhich type of backup is the best choice for my data?This is how important data backup is in real life FAT32 or NTFS? Which format is better for backups? This article covers the topics:Legal foundations of IT securityInternet backup and the law Is encryption legally relevant for data backup? Data backup laws Are you interested in:Internet ExplorerFiles excluded from backup Restore ACL permissions Windows encryption |
|