
Ask HN: What's your GDPR-compliant encrypted logging solution? - pjc50
Given that files which may contain customer names and purchase information are potentially covered by GDPR, is there a good standard solution to protect them?
======
jakozaur
Ideally:

1\. Use logging SaaS that takes GDPR seriously (e.g. Sumo Logic where I work).

2\. Avoid logging sensitive data (e.g. log id, not the address), use joins
when you can reconstruct them.

3\. Keep logs with reasonable retention.

4\. Use logs for debugging and operational aspects, don't use those data for
marketing, profiling as it causes a lot of pain (e.g. right to forget).

GDPR is generally vague about what it actually means and there are a lot of
interpretations. E.g. can I log IP of my visitors without consent? Possible
answers:

1\. No you can't. Never.

2\. Yes, do whatever.

3\. Yes, If you use it for security or system troubleshooting. No, if you use
it for marketing, sales, etc.

The majority of interpretations lean towards 3, but some people claim 1.

------
mtmail
I've read Facebook has long-term backups on Blu-ray discs where each record has
the user id plus encrypted data. Each user has their own encryption key. When
a user gets deleted they throw away the encryption key. I haven't seen an
off-the-shelf solution for this yet.

That said purchase information might be covered by other regulation, e.g. tax
law, which would overwrite GDPR. GDPR also doesn't set a fixed data expiry,
you can document that records are deleted X months later (as long as it's not
infinite).
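
The per-user-key scheme described in the comment above (often called crypto-shredding), as an added example that is not part of the original comment and not Facebook's code. The class and method names and the sample records are constructed for illustration, and the HMAC-SHA256 keystream with encrypt-then-MAC is a standard-library stand-in for an AEAD such as AES-GCM from a vetted library.

```python
import hashlib, hmac, json, secrets

class CryptoShredLog:
    """Each record is (user_id, nonce, ciphertext, tag), sealed under that user's key."""
    def __init__(self):
        self.keys = {}     # user_id -> 32-byte key (None once erased); never written to backups
        self.records = []  # append-only, stands in for the long-term backup medium

    @staticmethod
    def _xor_stream(key, nonce, data):
        # Keystream block = HMAC-SHA256(key, "enc" || nonce || offset); stdlib stand-in for an AEAD
        out = bytearray()
        for i in range(0, len(data), 32):
            block = hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
            out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
        return bytes(out)
    @staticmethod
    def _tag(key, user_id, nonce, ct):
        # Encrypt-then-MAC: binds the ciphertext to its user id and nonce
        return hmac.new(key, b"mac" + user_id.encode() + b"\0" + nonce + ct, hashlib.sha256).digest()

    def append(self, user_id, event):
        key = self.keys.setdefault(user_id, secrets.token_bytes(32))
        if key is None:
            raise KeyError("user was erased; refuse to log under a shredded key")
        nonce = secrets.token_bytes(16)
        ct = self._xor_stream(key, nonce, json.dumps(event).encode())
        self.records.append((user_id, nonce, ct, self._tag(key, user_id, nonce, ct)))

    def read(self, user_id):
        key = self.keys.get(user_id)
        if key is None:
            return []      # key gone: the stored ciphertext can no longer be opened
        events = []
        for uid, nonce, ct, tag in self.records:
            if uid != user_id:
                continue
            if not hmac.compare_digest(tag, self._tag(key, uid, nonce, ct)):
                raise ValueError("record failed authentication")
            events.append(json.loads(self._xor_stream(key, nonce, ct)))
        return events
    def forget(self, user_id):
        self.keys[user_id] = None  # erase the key only; records and their backups are untouched

def demo():
    log = CryptoShredLog()  # constructed sample data below
    log.append("u1", {"name": "Alice Example", "item": "book"})
    log.append("u2", {"name": "Bob Example", "item": "lamp"})
    before = log.read("u1")
    log.forget("u1")
    return before, log.read("u1"), log.read("u2"), log
```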

------
twunde
A resource you may find useful is AWS' GDPR compliance center:
[https://aws.amazon.com/compliance/gdpr-center/](https://aws.amazon.com/compliance/gdpr-center/)

This has some white papers and general advice for achieving GDPR compliance on
AWS.

------
outsideoflife
Unless you have a reason for keeping them, /dev/null is probably the best
answer.

If you have a reason for keeping them, think about who needs to see them again
and on what timescale. As another poster mentioned, legal reasons override GDPR.

How big are your logs? Do you really need them?

