🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional54 / 124
Question 54 of 124
A data subject in the EU submits a valid GDPR Article 17 (right to erasure) request to an online retailer that operates entirely on a public cloud SaaS platform. The privacy officer confirms the request is legitimate and that no legal exemption to retain the data applies. When the DPO instructs the operations team to comply, the team reports that the customer's personal data also exists in encrypted incremental backups that are retained on a 90-day rolling cycle and cannot be selectively edited without corrupting the backup chain. What is the MOST appropriate way to handle the erasure obligation with respect to these backups?
Reviewed for accuracy · Report an issueNext question