Some backup vendors DO know what they're backing up and CAN take action
The industry sources may have been somewhat limited. Was very surprised to read the summary position: "Vendor software across the board doesn't know what it is backing up and won't necessarily easily or practicably find the data the subject has requested to be erased, according to industry sources.".
Some vendors, such as Commvault, have considerable discovery and insight into the contents of data being backed up, including personal data, across their enterprises. They also have the ability to use that profiling to
* enact and automating data policies
* flag content for review
* support prioritization of risk management according to various risk profiles and criticalities
* perform proactive risk mitigation on the data from backups and directly from the data source
* and support data subject requests including the right to access and right to be forgotten (with removal from backup sets and data sources).
Points well taken from the article though. Many customers are challenged with how to deal with both the discovery and remediation of personal data within their environments. The market has some interesting options, so don't lose hope!