Compliance with data privacy rules is often a high priority for CXOs, and this encompasses backup and archiving. Organisations must be aware of the limitations of systems and how these impact on lawful data processing and retention and the enhanced rights of data subjects. They should also consider what contractual protections they need. For example, is the information easily accessible in a useful format whenever required? And to avoid vendor lock-in, it’ll be important to ensure that data will be returned in an industry-standard format on expiry of the contract.