Ask HN: What's your GDPR-compliant encrypted logging solution?
Given that files which may contain customer names and purchase information are potentially covered by GDPR, is there a good standard solution to protect them?
4 comments
Ideally:
1. Use logging SaaS that takes GDPR seriously (e.g. Sumo Logic where I work).
2. Avoid logging sensitive data (e.g. log id, not the address), use joins when you can reconstruct them.
3. Keep logs with reasonable retention.
4. Use logs for debugging and operational aspects, don't use those data for marketing, profiling as it is causes a lot of pain (e.g. right to forget).
GDPR is generally vague what it actually means and there are a lot of interpretations. E.g. can I log IP of my visitors without consent. Possible answers:
1. No you can't. Never.
2. Yes, do whatever.
3. Yes, If you use it for security or system troubleshooting. No, if you use it for marketing, sales, etc.
The majority of interpretations, lean towards 3, but some ppl claim 1.
1. Use logging SaaS that takes GDPR seriously (e.g. Sumo Logic where I work).
2. Avoid logging sensitive data (e.g. log id, not the address), use joins when you can reconstruct them.
3. Keep logs with reasonable retention.
4. Use logs for debugging and operational aspects, don't use those data for marketing, profiling as it is causes a lot of pain (e.g. right to forget).
GDPR is generally vague what it actually means and there are a lot of interpretations. E.g. can I log IP of my visitors without consent. Possible answers:
1. No you can't. Never.
2. Yes, do whatever.
3. Yes, If you use it for security or system troubleshooting. No, if you use it for marketing, sales, etc.
The majority of interpretations, lean towards 3, but some ppl claim 1.
I'v read Facebook has long-term backups on Blueray discs where each record has the user id plus encrypted data. Each user has their own encryption key. When a user gets deleted they throw away the encryption key. I haven't seen an off-the-shelf solution for this yet.
That said purchase information might be covered by other regulation, e.g. tax law, which would overwrite GDPR. GDPR also doesn't set a fixed data expiry, you can document that records are deleted X months later (as long as it's not infinite).
That said purchase information might be covered by other regulation, e.g. tax law, which would overwrite GDPR. GDPR also doesn't set a fixed data expiry, you can document that records are deleted X months later (as long as it's not infinite).
A resource you may find useful is AWS' GDPR compliance center: https://aws.amazon.com/compliance/gdpr-center/
This has some white papers and general advice for achieving GDPR compliance on AWS.
This has some white papers and general advice for achieving GDPR compliance on AWS.
Unless you have a reason for keeping them /dev/null is probably the best answer.
If you have a reason for keeping them think about who needs to see them again and on what timescale. As other poster mentioned legal reasons override GDPR.
How big are your logs? Do you really need them?
If you have a reason for keeping them think about who needs to see them again and on what timescale. As other poster mentioned legal reasons override GDPR.
How big are your logs? Do you really need them?