Backup media at the MSP: who owns it, who destroys it?
At many MSPs, LTO tapes, external SSDs and USB backup drives pile up in server racks and cabinets. They belong to clients but sit physically with the MSP. When a client switches, a contract ends or the retention period expires, the question arises: who may, or must, destroy this? And how do you record it? This article answers that question practically.
Ownership: data versus medium
Distinguish between legal ownership of the physical medium and GDPR responsibility for the data on it. The medium itself can be owned by the MSP (purchase, depreciation). The data on it is almost always owned by the client, or is at least the client's responsibility. That means: as an MSP you are a processor within the meaning of GDPR art. 28, even if the tape is physically in your name.
Consequence: the client decides when destruction may take place, within the statutory framework. The MSP executes and documents. Without a written instruction or contractual arrangement you may not destroy client data, even if you bought the medium yourself.
Processor agreement: the right clauses
Include in the processor agreement with each client:
- Who decides on destruction (default: client).
- Which periods apply to backups (for example 6 weeks rolling, 1 year, 7 years for tax).
- Who is the sub-processor for physical destruction.
- Which standard (DIN 66399 E-4 for SSDs, H-4 for tapes).
- Which certificate is delivered and to whom (client, MSP, both).
- Hand-back duty at end of contract: return or destroy with a certificate.
Retention periods for backups
There is no statutory retention period for ‘a backup’ as such. What you need to derive instead is the retention period of the underlying data. A backup of payroll falls under the seven-year tax retention obligation. A backup holding data of a dismissed employee whose right to erasure has been honoured must disappear within a reasonable time, including from tape archives.
That last point is awkward: if a client receives a GDPR erasure request, you have to include the backup tapes too. Practically, MSPs work with rolling schedules of 6 weeks or 3 months, after which tapes are reused or destroyed. Longer archives (annual backups) get separate handling.
Degaussing versus shredding
Degaussing (demagnetising) makes magnetic tapes unusable but does not work on SSDs. Shredding works on everything. In practice:
- LTO tapes: degaussing is effective if the degausser has the right strength. Physical shredding is definitive and verifiable. See Backup tapes and LTO tidy-up.
- Hard drives: degaussing works, but afterwards it is hard to verify that the medium is indeed unusable. Shredding gives visual evidence.
- SSDs and NVMe: flash memory holds no magnetic flux, so degaussing has no effect. Only physical destruction (E-4).
- USB sticks and memory cards: physical shredding to E-4.
For an MSP a mixed route is practical: LTO via mobile destruction (shredder), SSDs and disks in the same session. First choice: one mobile visit in which all media go through the same truck.
Certificate per client
Important: group media per client, not per batch. When the MSP has tapes from five clients destroyed on one day, you want five certificates, not one combined certificate. Reason: each client has its own processing register and must be able to demonstrate that their data, specifically, was destroyed.
DeSnipperaar issues a certificate per job as standard. You indicate at intake which media belong to which client, and get correspondingly split certificates back.
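The media rules and the per-client split described above can be prepared as an intake list before the destruction visit. The script below is an added example, not part of the original article and not DeSnipperaar's intake system; the field names, client names, serials and instruction references are assumptions made up for illustration. It holds back any medium without a written client instruction, with an unexpired retention period, or with degaussing requested for flash media, and builds one manifest per client from the rest.

```python
from collections import defaultdict
from datetime import date

# DIN 66399 class per medium type as stated in the article (none given for HDDs).
DIN_CLASS = {"lto": "H-4", "hdd": None, "ssd": "E-4", "nvme": "E-4", "usb": "E-4"}
DEGAUSSABLE = {"lto", "hdd"}  # magnetic media only

def hold_reason(m, today):
    """Return why a medium must not be destroyed yet, or None if it may go."""
    if m["type"] not in DIN_CLASS:
        return "unknown medium type"
    if not m["instruction_ref"]:
        return "no written instruction from client"
    if m["retain_until"] > today:
        return "retention period not expired"
    if m["method"] == "degauss" and m["type"] not in DEGAUSSABLE:
        return "degaussing does not work on flash media"
    return None

def build_manifests(inventory, today):
    """Split an inventory into one manifest per client, plus a list of held media."""
    manifests, held = defaultdict(list), []
    for m in inventory:
        reason = hold_reason(m, today)
        if reason:
            held.append((m["serial"], reason))
            continue
        manifests[m["client"]].append({
            "serial": m["serial"], "type": m["type"], "method": m["method"],
            "din_class": DIN_CLASS[m["type"]], "instruction_ref": m["instruction_ref"],
        })
    return dict(manifests), held

# Constructed sample inventory (clients, serials and references are made up).
INVENTORY = [
    {"client": "client-a", "serial": "LTO-0001", "type": "lto", "method": "shred",
     "retain_until": date(2024, 1, 31), "instruction_ref": "INSTR-A-01"},
    {"client": "client-a", "serial": "SSD-0002", "type": "ssd", "method": "degauss",
     "retain_until": date(2024, 1, 31), "instruction_ref": "INSTR-A-01"},
    {"client": "client-b", "serial": "LTO-0003", "type": "lto", "method": "shred",
     "retain_until": date(2030, 12, 31), "instruction_ref": "INSTR-B-07"},
    {"client": "client-b", "serial": "USB-0004", "type": "usb", "method": "shred",
     "retain_until": date(2024, 6, 30), "instruction_ref": "INSTR-B-07"},
    {"client": "client-c", "serial": "HDD-0005", "type": "hdd", "method": "shred",
     "retain_until": date(2023, 12, 31), "instruction_ref": ""},
]

if __name__ == "__main__":
    manifests, held = build_manifests(INVENTORY, date(2025, 1, 1))
    for client, lines in manifests.items():
        print(client, [line["serial"] for line in lines])
    print("held:", held)
```

Each manifest corresponds to one certificate request; the held list goes back to the account manager for a client decision.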
Cloud exports and hybrid backups
Client backups do not always sit on tape. Some MSPs export to cloud object storage and keep a local tape copy in addition for disaster recovery. Destruction of the local copy and confirmation of cloud deletion must both be arranged. The cloud provider sometimes delivers a form of deletion confirmation, but the tape remains physically present until you have it destroyed.
Stack of tapes and loose media tidied up?
We drive past with the shredder truck, destroy per client and deliver split certificates. DIN 66399 H-4 for tapes, E-4 for SSDs.
More practical information on our approach for MSPs at IT service providers & MSPs.
Ready to clear the backup cabinet? Request a non-binding quote. No contract, no minimum.