Backup vs. archiving: the difference that makes the difference in audits

Written by Korbinian Hermann | Mar 16, 2026 1:37:51 PM

The question is rarely asked out loud. It usually creeps in - between a tax audit, a supplier dispute or a GDPR request. Then the auditor asks: "Can you provide complete and unalterable proof of the original data from 2019?" And the members of the IT team look at each other: "We have a backup."

What follows is not a technical problem. It's a legal problem. A backup is not an archive. This confusion is one of the most common - and most expensive - compliance errors in German companies.

This article explains what backup and archiving mean in technical and legal terms, why they are fundamentally different, and the specific consequences of the error in GoBD audits, GDPR audits and civil law proceedings.

THE MOST IMPORTANT FACTS IN BRIEF

  • A backup is used to restore data after loss. An archive is used for the permanent, unalterable and legally compliant storage of data - these are two fundamentally different purposes with completely different technical and legal requirements.
  • Backups are not audit-proof: they can be overwritten, changed or deleted - without a log. This means they do not structurally meet the requirements of GoBD, HGB §257, AO §147 and GDPR Art. 5.
  • In the event of an audit (tax office, tax audit, GDPR audit, court), only the archive counts. If you can only provide a backup, you risk assessment notices, fines and a reversal of the burden of proof.
  • Legally compliant archiving means: unchangeable, audit-proof, long-term readability, with retention period management - and manufacturer-independent, so that data remains accessible even after system termination.
  • CHRONOS from CSP offers audit-proof archiving and application retirement in one - compatible with Oracle, SAP, MS SQL, cloud and on-premise.

CONTENT OF THIS ARTICLE

  1. Definition: What is a backup - and what is it not?
  2. Definition: What is audit-proof archiving?
  3. The 8 key differences in a direct comparison
  4. Backup vs. archiving in the audit: 5 concrete scenarios
  5. Why backups fail with GoBD, HGB and GDPR
  6. When does a company need both - and when is one enough?
  7. CHRONOS: Audit-proof archiving in practice
  8. Frequently asked questions

Definition: What is a backup - and what is it not?

A backup is a copy of data at a specific point in time - created with the aim of being able to restore this data in the event of loss. That is the complete definition. No more, no less.

Backups answer the question: "What happens if our data is lost?" They are emergency tools - for hardware failures, ransomware attacks, accidental deletion or system crashes. The technical logic behind this is: make regular copies so you can roll back.

WHAT A BACKUP TECHNICALLY DOES - AND DOESN'T DO

✓ Restore data after loss (full backup, incremental, differential)

✓ Restore a defined system state at a point in time

✓ Protection against accidental data loss due to hardware errors or human error

✗ No protection against manipulation: backup data can be changed

✗ No revision security: Who changed what and when? - Backups do not log this

✗ No retention period logic: backups are overwritten, older versions are lost

✗ No vendor independence: backups in proprietary format cannot be read without backup software

✗ No application retirement: to access backup data, the source system must often still be running

 

Definition: What is audit-proof archiving?

Audit-proof archiving is the permanent, unalterable, complete and machine-readable storage of data - with the aim of being suitable as evidence in the event of an audit or dispute. This is a legal, not a technical definition. The technical requirements follow from the legal purpose.

The term 'audit-proof' is made up of two requirements: 'revision' in the sense of audit (tax audit, audit, GDPR audit, court) - and 'secure' in the sense of unchangeable and verifiable. Audit-proof means that every change to archived data is logged - or is technically impossible.

THE 5 CORE FEATURES OF LEGALLY COMPLIANT ARCHIVING (GOBD)

  1. Completeness: All relevant data and metadata must be preserved - no selective archiving.
  2. Accuracy: The archived data must correspond to the original - no conversion that changes the content.
  3. Timeliness: Data must be archived promptly after its creation - retrospective archiving is tricky.
  4. Immutability: Once archived, data must not be changeable or deletable without an audit-proof log.
  5. Machine readability: The auditor must be able to read and analyze the data without special software or IT support.
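
What "immutable, with every permitted correction logged" can look like technically, as an added example (not from the original article and not CHRONOS code): a hash-chained, append-only log in Python in which a silent in-place overwrite, which a backup would allow, is detected on verification. The class and function names, document IDs and payloads are constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # anchor value for the first entry's "prev" field
FIELDS = ("seq", "action", "doc_id", "payload_sha256", "actor", "prev")

def entry_digest(entry):
    """SHA-256 over the canonical JSON of an entry (without its own hash)."""
    body = {k: entry[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ArchiveLog:
    """Append-only log: a correction is a new entry, never an in-place edit."""
    def __init__(self):
        self.entries = []

    def append(self, action, doc_id, payload, actor):
        entry = {
            "seq": len(self.entries),
            "action": action,  # "archive" or "correct"
            "doc_id": doc_id,
            "payload_sha256": hashlib.sha256(payload).hexdigest(),
            "actor": actor,
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry["hash"] = entry_digest(entry)
        self.entries.append(entry)
        return entry

def verify(entries):
    """Return the index of the first entry that breaks the chain, else None."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev"] != prev or e["hash"] != entry_digest(e):
            return i
        prev = e["hash"]
    return None

def demo():
    # Constructed sample documents, not real accounting data.
    log = ArchiveLog()
    log.append("archive", "INV-0001", b"invoice 0001: 100.00 EUR", "erp-export")
    log.append("archive", "INV-0002", b"invoice 0002: 250.00 EUR", "erp-export")
    log.append("correct", "INV-0001", b"invoice 0001: 110.00 EUR", "accounting")
    intact = verify(log.entries)
    # Backup-style overwrite: entry 0 is changed in place, nothing is logged.
    tampered = copy.deepcopy(log.entries)
    tampered[0]["payload_sha256"] = hashlib.sha256(b"invoice 0001: 1.00 EUR").hexdigest()
    return intact, verify(tampered), len(log.entries)
```

The chain only proves integrity if the latest hash is also held outside the archive operator's control, for example on write-once storage or with a trusted timestamp; otherwise the whole log could be regenerated.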

 

The 8 key differences in direct comparison

The following comparison shows the technical and legal differences between backup and audit-proof archiving - structured according to the criteria that count in the event of an audit.

 

| Criterion | Classic backup | Audit-proof archiving |
|---|---|---|
| Primary purpose | Recovery after data loss - recovery tool for emergencies | Legally compliant long-term storage as evidence - compliance tool for audits |
| Immutability | Not given. Backup data can be overwritten, modified and deleted - without any protocol. | Technically ensured. Once archived, data cannot be changed. Every permitted correction is logged. |
| Revision security | Not available. There is no change history, no proof of originality and no integrity check. | Core feature. Complete change history, cryptographic integrity check, complete audit trail. |
| GoBD conformity | Not compliant. The BMF letter (GoBD 2019) explicitly does not recognize backups as sufficient. | Compliant - if implemented correctly in accordance with GoBD requirements (completeness, accuracy, immutability, machine analyzability). |
| Long-term readability | Dependent on backup software, proprietary format and the source system. Often no longer readable after 10 years. | Manufacturer-independent, open format. Data can still be read in 20 years without special software - regardless of system changes. |
| Retention periods | No logic. Backups are overwritten after defined cycles - older data is lost. | Automatic deadline management: tax law (10 years), commercial law (6 years), GDPR (proof of deletion) - controlled by data category. |
| Department access | Requires IT ticket: localize, export, convert, prepare backup - typically 1-3 days IT effort. | Self-service. Departments can retrieve archived data directly and independently - without IT involvement, without a ticket. |
| Application retirement | Not possible. In many cases, the source system must still be active or reactivatable in order to access backup data. | Enables complete shutdown of legacy systems. Data is permanently accessible regardless of the source system. |

  • 7 GoBD core criteria (BMF letter 2019)
  • 10 years tax retention obligation (AO §147)
  • 0 of 5 backup systems GoBD-compliant (practical experience, CSP)
  • >300% ROI with CHRONOS (CSP customer data)

Backup vs. archiving in the audit: 5 concrete scenarios

Abstract differences are rarely convincing. That is why this section shows five concrete audit and liability scenarios - with the typical reaction of a backup-only organization in direct comparison to an organization with legally compliant archiving.

 

AUDIT SCENARIO 1: Audit: GoBD conformity of accounting data

AUDITOR ASKS:

"Please provide us with all accounting data for the period 2017-2020 in machine-readable form. Proof of immutability required."

❌ With backup

IT exports data from the backup - proprietary format, not directly analyzable by machine. No proof of immutability possible. Auditor doubts GoBD conformity.

✓ With CHRONOS archive

Data is exported directly from the CHRONOS archive: complete, machine analyzable, with cryptographic proof of integrity. Auditor accepts the proof.

Result: Backup: Assessment decision at risk. Archive: Audit completed

 

AUDIT SCENARIO 2: GDPR audit: Proof of deletion of personal data

AUDITOR ASKS:

"Please provide evidence that the personal data of the customer Müller, which was requested for deletion in 2019, has been completely and permanently deleted."

❌ With backup

Backup may still contain the data - there is no deletion logic in the backup system. Proof of deletion not possible. Data protection breach documented.

✓ With CHRONOS archive

CHRONOS Archive keeps a complete deletion log. The data record was deleted in accordance with GDPR requirements and this was logged in an audit-proof manner. Proof immediately retrievable.

Result: Backup: risk of fines. Archive: Compliance confirmed

 

AUDIT SCENARIO 3: Audit: Completeness of the annual financial statement documents

AUDITOR ASKS:

"We require all accounting-related documents for financial year 2018. Please ensure that the documents are complete and in their original form."

❌ With backup

Backup from 2018 exists - but is opened on new system. Format conversion has partially changed metadata. Auditor cannot confirm originality.

✓ With CHRONOS archive

CHRONOS archives receipts with original metadata and hash value. Auditor can check integrity himself. Completeness verified by archiving log.

Result: Backup: Confirmation reservation in the audit report. Archive: Unqualified audit opinion.

 

AUDIT SCENARIO 4: Product liability claim: Batch proof from old system

AUDITOR ASKS:

"Please provide evidence that the production batch CH-2019-4471 complied with the specified process parameters. The production system was shut down in 2021."

❌ With backup

The production system has been shut down. The backup still exists - but without the original software, the format is no longer readable. The data is effectively lost.

✓ With CHRONOS archive

CHRONOS extracted the data from the old system during system retirement and archived it in an audit-proof open format. Immediate, complete, manufacturer-independent retrieval.

Result: Backup: Loss of evidence, liability risk. Archive: Complete proof of discharge

 

AUDIT SCENARIO 5: Insolvency proceedings: Data access for insolvency administrators

AUDITOR ASKS:

"As insolvency administrators, we need access to all transaction data from the last 10 years. Former IT employees are no longer available."

❌ With backup

Backup exists - but the backup software is no longer licensed. The know-how for the restore lies with a former employee. Access takes weeks or fails.

✓ With CHRONOS archive

CHRONOS Archive is completely self-explanatory and accessible without specialist knowledge. Insolvency administrator receives immediate self-service access via structured interface.

Result: Backup: Delay in proceedings, personal management liability at risk. Archive: Smooth processing

 

Why backups fail structurally with GoBD, HGB and GDPR

This is not a criticism of backup solutions. Backups are excellent tools - for the purpose for which they were developed: Recovery. The problem arises when they are used for another purpose for which they are structurally unsuitable: as legal proof.

The three central legal bases that establish archiving obligations for German companies formulate requirements that backups cannot fulfill by definition.

 

GoBD: The principles of proper bookkeeping

The BMF letter on the GoBD (as of 2019) explicitly states: Tax-relevant data must be stored completely, correctly, in a timely manner and in an unalterable form - machine-readable and readable without the taxpayer's special software. A backup that cannot be read without the backup software or the source system does not structurally fulfill this requirement. A backup that can be overwritten is not unalterable. Period.

 

HGB §257 and AO §147: Commercial and tax law retention obligations

HGB §257 and AO §147 stipulate retention periods of 6 and 10 years respectively for various document categories. The decisive requirement is not just the duration - but the quality: documents must be available at all times, immediately readable and fully reproducible. A backup system that has been migrated to a format in which old backups can no longer be read after 5 years fails here.

 

GDPR Art. 5: Accountability and record keeping

The GDPR not only requires that personal data is handled correctly - it also requires proof of this. This is called the accountability principle (Art. 5 para. 2 GDPR). Proof must be actively provided. A backup that does not log proof of erasure or does not store proof of processing in an unalterable form cannot fulfill this obligation to provide proof.

| Legal basis | What it requires | Why backups fail | What archiving solves |
|---|---|---|---|
| GoBD (BMF 2019) | Immutability, machine readability, readability without special software | Backup is not immutable; proprietary format; dependent on source system | Open format, unchangeable, directly analyzable |
| AO §147 | 10-year retention, available at any time and immediately readable | Backups are overwritten; format compatibility over 10 years not certain | Automatic deadline management, long-term readability guaranteed |
| HGB §257 | 6-year storage of commercial letters, 10 years for accounting | Backup cycles delete old data; no deadline logic | Retention periods stored and enforced for each data category |
| GDPR Art. 5/17 | Accountability, proof of deletion, verifiable handling of data | No deletion logs; no proof of processing; no accountability trail | Complete log of all archiving and deletion processes |
| §147a AO (obligation to keep records) | Taxpayers with high income: special record-keeping obligations | Backup does not cover recording obligation | Audit-proof recording of all taxable transactions |

 

Backups secure data for recovery - CHRONOS archives them in a legally compliant, tamper-proof and audit-proof manner, including deletion and retention periods.

- Korbinian Hermann, Managing Director, CSP Intelligence GmbH

 

When does a company need both - and when is one enough?

The answer is almost always: both. Backup and archiving are not alternatives, but complementary systems with different tasks. If you only have a backup, you are equipped for an emergency - but not for an audit. If you only have an archive, you cannot restore quickly after a system failure.

 

The rule of thumb: What happens if ...

... the hard disk crashes? → Backup necessary. Archive optional.

... the tax office checks? → Archive necessary. Backup irrelevant.

... a legacy system is to be shut down? → Archive necessary. Backup not sufficient.

... a supplier complains and demands receipts? → Archive necessary. Backup not suitable as evidence.

... an employee accidentally deletes data? → Backup necessary. Archive as additional evidence.

RECOMMENDATION FOR IT MANAGERS: THE TWO-SYSTEM LOGIC

  • Backup system: For operational data security. Short retention cycles, fast recovery, technically optimized for RTO/RPO.

  • Archiving system (CHRONOS): For legal compliance. Long retention periods, audit-proof, manufacturer-independent, self-service for specialist departments.

  • The most common mistake: companies have a backup system and treat it as if it were both. This costs money during the first audit.

  • The good news is that both can be operated in parallel. CHRONOS complements existing backup infrastructure without replacing it.

 

CHRONOS: Audit-proof archiving in practice

CHRONOS is the archiving platform from CSP Intelligence GmbH - specializing in data archiving and IT compliance since 1991. The platform addresses exactly the difference described in this article: It is not a backup system. It is a legal security system.

 

For whom CHRONOS is particularly relevant

CHRONOS is most frequently used in three situations. Firstly, companies that have experienced an audit and have realized that their backup system is inadequate. Secondly, IT managers who want to shut down legacy systems but cannot lose the historical data they contain. Thirdly, compliance officers who need GDPR audit security and require complete proof of deletion and processing.

In all three situations, the result is the same: CHRONOS replaces 'We have a backup' with 'We can prove it.'


Frequently asked questions about backup and archiving