Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Ault Nathanielsz 87 posts 407 karma points c-trib
    Oct 04, 2017 @ 12:57
    Ault Nathanielsz
    0

    I suppose that this may be outside the scope of this forum (except possibly for Umbraco Cloud) as it relates to the hosting environment.

    My understanding is that a service must receive consumer consent prior to data collection.

    If this is correct, a server log that records a requesting ip address with the user's original request for a page (before consent can be given) may be problematic.

    Does anyone have any thoughts?

  • Comment author was deleted

    Jan 16, 2018 @ 19:59

    IP addresses are personal data under the GDPR, and as such you can’t collect it without having obtained consent (and being able to document that consent where given) from the persons you’re collecting information about.

    There is an exception given for the requirement about obtaining consent that allows for limited collection of personal data when this is collected for the sole purpose of detecting and preventing unauthorized access, or other network security needs. You still have to delete this data in a timely fashion, limit access to it even within your own organization, and ensure it’s securely stored.

    I wrote up some specifics about this topic in EU GDPR and personal data in web server logs if your interested in more details, including a suggested implementation with logrotate and GnuPG encryption.

Please Sign in or register to post replies

Write your reply to:

Draft