--- title: Archive consultancy date: 2026-05-22T12:13:00+02:00 author: Hannes Heckel canonical_url: "https://www.fast-lta.de//en/fast/contact/archiving" section: Corporate Pages --- Compliance & Long-Term Archiving # Data archiving in compliance with legal requirements and in an audit-proof manner GDPR, KRITIS, KHZG, BSI Basic Protection, tax law retention requirements. You’re familiar with the regulations. The question is: how can you implement them without tape and without relying on the cloud? That’s exactly what we’ll be discussing. ### GDPR The GDPR (General Data Protection Regulation, EU 2016/679) is the European regulation for the protection of personal data — particularly relevant for IT infrastructure in Art. 5 (principles), Art. 17 (right to erasure), Art. 28 (processors) and Art. 32 (security of processing). [Mehr erfahren →](https://www.fast-lta.de//en/glossary/gdpr) ## What we talk about ### What data? Classification, retention periods by data category, current volume and projected volume in five years. Conduct an inventory before designing a solution. ### What requirements? Industry regulations (GoBD, KHZG, ISO 27001, BSI IT-Grundschutz, NIS2). Internal compliance requirements. Audit requirements set by your auditor. ### BSI IT-Grundschutz The BSI IT-Grundschutz is a framework developed by the German Federal Office for Information Security (BSI) with standardized security requirements for IT systems — for KRITIS operators, NIS2-affected organizations and public authorities, it is the central reference for demonstrable IT security measures. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/bsi-it-grundschutz) ### BSI IT-Grundschutz The BSI IT-Grundschutz is a framework developed by the German Federal Office for Information Security (BSI) with standardized security requirements for IT systems — for KRITIS operators, NIS2-affected organizations and public authorities, it is the central reference for demonstrable IT security measures. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/bsi-it-grundschutz) ### NIS2 The NIS2 Directive (EU 2022/2555) is an EU regulation that obliges essential and important entities to implement specific cybersecurity measures — including demonstrable backup management, crisis management and reporting obligations — with personal liability for management bodies in case of non-compliance. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/nis2) ### GoBD The GoBD (Principles for the Proper Management and Storage of Books, Records and Documents in Electronic Form as well as Data Access) is a German Federal Ministry of Finance letter that specifies how tax-relevant documents must be archived electronically in Germany — particularly regarding immutability, completeness and auditability. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/gobd) ### What architecture? Silent Cubes as an audit-proof secondary storage archive. Separation of backup and archive. Integration with your primary systems. ## What you won’t hear from us ##### No tape recommendation You are aware of the risks (media degradation, reader availability, restore times). We recommend solutions that will still be working ten years from now. ##### No ‘cloud-first’ approach Anyone required to comply with a 30-year retention obligation cannot be tied to a hyperscaler’s pricing policy. ##### No generic storage slides We’re talking about your retention periods, not IOPS charts. --- Request a consultation ## We will get back to you within 24 hours Tell us about your **archiving project**. We’ll show you exactly what an audit-proof solution might look like. On weekdays. With the right contact person for your needs. ## You might find this interesting [Topics page #### Compliance & Retention Requirements An overview of the key regulatory frameworks and their storage requirements. [Lesen ](https://www.fast-lta.de//de/blog/it-compliance "Lesen")](https://www.fast-lta.de//de/blog/it-compliance "Lesen")