Stop logging the IP address then. Hopefully default settings in web servers will change.
> What kind of online business can reasonably be done without using an email address, if only for login/resetting password if lost?
That means you have a legitimate interest, so long as you don't send marketing emails to those addresses, or sell them, and so long as you delete them if someone deletes their account.
> How does for example a small yoga studio’s email list fit in your examples?
If someone signs up to your email list, they've consented to receiving emails. Just don't sell the list, and remove people if they unsubscribe.
The only real complication (if you're in the UK, I don't know about other countries) is that there is a fee to register as a data controller. https://ico.org.uk/for-organisations/data-protection-fee/
The thing is not about doing what you propose but that however you're doing it, you have a lot of bureaucracy and legal insecurity right now.
The examples of wrongdoing you give should be leading to hard measures.
But those with good intentions shouldn’t have high bureaucracy costs.
To be clear: I don’t say these laws shouldn’t exist. They just should have been targeted at the actual wrongdoers and put the smallest possible burden on all with no bad intentions.
Then you have a legitimate need for the data, so store it for a reasonable length of time and then delete it.
People repeat this a lot, but it sounds like complete nonsense.
Why does your business need to perform “security analysis in case of attacks”? Do you get paid to do that? Why would you need IP addresses for that?
Another example is logging requests to secure sections of the site and/or server and perform IP blocks on fishy activity.
I don't see why the IPs would ever have to hit the disk for this purpose, just keep them cached in RAM for a few minutes.
The only way round this is to make the webserver spend a non-trivial amount of time running some derivation function on the IP for each and every request (remember you can't cache the result if the entire point is not to store the IP).
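The approach discussed in the comments above (keep addresses in RAM for a few minutes for blocking, never write them to a log), as an added example that is not part of the thread. The class name, thresholds and sample addresses are hypothetical, and the keyed hash with a per-process key is one assumed choice of derivation function.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque


class EphemeralIPTracker:
    """Counts recent failed requests per client without persisting addresses."""

    def __init__(self, window_seconds=300, max_failures=5):
        self.window = window_seconds
        self.max_failures = max_failures
        # Per-process random key: digests cannot be recomputed after a restart.
        self._key = secrets.token_bytes(32)
        self._events = defaultdict(deque)  # keyed digest -> failure timestamps

    def _digest(self, ip):
        # Only this keyed digest is held in memory, never the address itself.
        return hmac.new(self._key, ip.encode(), hashlib.sha256).digest()

    def _prune(self, now):
        # Drop timestamps older than the window and forget idle clients.
        for digest in list(self._events):
            q = self._events[digest]
            while q and now - q[0] >= self.window:
                q.popleft()
            if not q:
                del self._events[digest]

    def record_failure(self, ip, now):
        self._prune(now)
        self._events[self._digest(ip)].append(now)

    def is_blocked(self, ip, now):
        self._prune(now)
        return len(self._events.get(self._digest(ip), ())) >= self.max_failures

    def tracked_clients(self):
        return len(self._events)


def demo():
    # Constructed sample: six failed logins from one documentation-range address.
    tracker = EphemeralIPTracker(window_seconds=300, max_failures=5)
    for t in range(6):
        tracker.record_failure("203.0.113.7", now=t)
    blocked_now = tracker.is_blocked("203.0.113.7", now=10)
    other = tracker.is_blocked("198.51.100.2", now=10)
    blocked_later = tracker.is_blocked("203.0.113.7", now=400)
    return blocked_now, other, blocked_later, tracker.tracked_clients()
```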
The problem is that it's possible and that is where the GDPR hooks in.
Put another way:
If the goal is to prevent certain actions by making them illegal and a given boundary can already ensure that, what's the point in widening that boundary even more?
At least in Germany the boundary has not been widened and most corporations seemed to operate just fine.
> Just because if the name is added to such a database of cars produced, it will be personal identifying?
When you add data to your database you'll have to consider this, yes.
Privacy under the GDPR means that you evaluate whether or not it is necessary to store such data.
Why? Because the GDPR is not only about the present but also about potential problems. If your database gets breached and someone runs off with the data, the GDPR seeks to ensure that the data contained is the absolute minimum necessary and does not threaten the privacy of the users if possible.
Under GDPR you do not own data like car color, built, model, extras. People give you stewardship of the data and you are responsible for it. It is your task to protect it. Protecting people's data is easier when you don't have as much of it.
But in legal matters, you need to identify people and have some kind of audit trail, especially if they tried to breach your system. That makes no sense.
If IP addresses in logs are necessary for audit trails, why aren’t fingerprints?
That doesn’t help.
IP addresses are not 1:1 assigned to a person for a whole lifetime, fingerprints are.
Only with a lot of additional effort and connection to other databases can IP addresses actually be connected with a person, but only for an uncertain period of time; finding out this timespan, and ensuring it’s really only exactly this one person, requires even more effort.
So a properly crafted law would have made all these efforts illegal, and put high fines on them, but not the decades-old practice of storing IP addresses in logfiles.
I understand audit logging for authenticated users, but that's hardly a general case.
I want to be protected from marketing firms that sell my email address, and everyone who uses it to send me mails for whatever product to buy just because I entered it for some totally different reason. Those shall be fined with 5 figure amounts.
I don’t see how my (and my housemates/office colleagues etc.) IP in the logfiles of the webserver which a small business rented for 3€ to upload 3 HTML files can be abused (without storing my email and name without consent, which is actual personal data and therefore illegal), and I don't want my hairdresser, car mechanic etc. to be in need to consult a lawyer to understand all that stuff and have a day's worth of bureaucracy and adding a “we have your current IP in the logs” note just because they want me to be able to google their street addresses.
The law is simply not well crafted for no use if the latter is the case.