How do the six data protection and security goals apply practically to a data backup scenario?
Each of the six goals (confidentiality, integrity, availability, transparency, unlinkability, intervenability) translates into specific backup measures — showing how abstract principles become concrete technical requirements.
Applying all six goals to data backups:
| Goal | Backup Measure |
|---|---|
| Confidentiality | Encrypt backup data |
| Integrity | Protect backups from manipulation (checksums, write-once media) |
| Availability | Ensure durability and proper storage of backup media |
| Transparency | Document backup procedures, responsibilities, and log all backup/restore operations |
| Unlinkability | No unauthorized cross-purpose use of backup data |
| Intervenability | Enable deletion capabilities; protect against accidental restoration of data that should have been deleted |
Why this example is useful:
It shows that even a seemingly simple IT operation like "making backups" touches all six data protection goals. The intervenability point is particularly interesting — if a user exercises their right to deletion, the backup system must either:
- Also delete their data from backups (technically challenging)
- Ensure that restored backups don't reintroduce deleted personal data
Tip: Use this six-goal framework as a checklist when designing any data processing system. If any goal is unaddressed, you have a gap in your security or privacy posture.