by amarkov 3011 days ago
Under the terms of the GDPR, user benefit is not required. I can log any PII I'd like as long as the user's given consent for it to sit in that log, or for it to be used in some process that reads from that log.

I probably would want to impose stricter rules on myself for the sake of avoiding regulators. But that's part of the problem. It doesn't seem possible to comply with GDPR as such without an army of consultants to guide you; what you have to do instead is invent a stricter regulation and follow that one instead.

> If a regulator thinks you are bending the rules good luck

That's the other part of the problem. A healthy regulatory system needs some way to say "well, you think I'm bending the rules, but I'm actually compliant in this complex way you hadn't considered". If a GDPR regulator just doesn't know much about software development, and thinks that any rollout-induced delay is undue, how do I argue against that?


> Under the terms of the GDPR, user benefit is not required. I can log any PII I'd like as long as the user's given consent for it to sit in that log, or for it to be used in some process that reads from that log.

Read my comment again; it does not say a user benefit is required. What it says is that you need a specific purpose for processing PII. A user can only give you consent for a specific purpose. What is the purpose that results in his PII ending up in an immutable log file? Asking for general consent without a specific purpose does not work with GDPR.

> That's the other part of the problem. A healthy regulatory system needs some way to say "well, you think I'm bending the rules, but I'm actually compliant in this complex way you hadn't considered". If a GDPR regulator just doesn't know much about software development, and thinks that any rollout-induced delay is undue, how do I argue against that?

If you feel you are being treated unfairly, you will probably argue through your lawyer. As a technical person I would love it if the GDPR were black and white. It would allow me to know whether I comply or not, but real life is hardly black and white. So instead of being upset with things I can't change, I will just do my best to comply.

PS: I don't understand the downvote.

I also don't understand the downvote.

I need a specific purpose for processing PII, but that doesn't mean that I need a specific purpose for each individual place that PII ends up going. If my web server or database ends up incidentally capturing the data in transit, that's not a violation, any more than it's a violation if I copy the data onto more sheets of paper than are strictly necessary.

You are right, and in that case you should also have a process in place to delete the PII from the additional sheets of paper. I'm inclined to keep PII out of logs in the first place but am unsure how to proceed. Either just don't log any data / parameters, or implement some kind of whitelist like you would with passwords and other secrets.
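The whitelist approach the last comment mentions, worked through as an added example (this is not code from anyone in the thread): a structured-logging formatter that lets only allowlisted field names through, at every nesting level, and replaces everything else with a marker. The field names, the sample event and the `render_event` helper are constructed assumptions for the illustration.

```python
"""Allowlist-based log sanitiser: only fields the log's stated purpose needs
reach the log; every other key is replaced with a marker at every nesting
level, so incidental PII never lands in an immutable log in the first place.
Added illustration, not code from anyone in the thread; the field names and
the sample event are constructed assumptions."""
import json
import logging
from typing import Any, Mapping

# Hypothetical allowlist for a request log whose purpose is latency/error
# monitoring. "params" is allowed as a container, but each key inside it must
# also be allowlisted, so an unexpected "email" query parameter is redacted.
ALLOWED_FIELDS = frozenset(
    {"request_id", "method", "path", "status", "duration_ms", "params", "q", "page"}
)
REDACTED = "[redacted]"


def sanitize(value: Any, allowed: frozenset = ALLOWED_FIELDS) -> Any:
    """Recursively keep allowlisted keys and replace everything else.

    A denylist (blocking known-bad keys) fails open when a new parameter
    shows up; an allowlist fails closed, which is the property wanted here."""
    if isinstance(value, Mapping):
        return {
            key: sanitize(val, allowed) if key in allowed else REDACTED
            for key, val in value.items()
        }
    if isinstance(value, (list, tuple)):
        return [sanitize(item, allowed) for item in value]
    return value


class AllowlistJsonFormatter(logging.Formatter):
    """Emit one JSON object per record. Structured data travels in
    record.fields (passed via extra={"fields": {...}}) and is sanitised.
    The message text itself is left untouched, which is why callers should
    put data in fields rather than interpolating it into the message."""

    def format(self, record: logging.LogRecord) -> str:
        fields = getattr(record, "fields", {})
        return json.dumps(
            {"level": record.levelname, "msg": record.getMessage(), "fields": sanitize(fields)},
            sort_keys=True,
        )


def render_event(message: str, fields: Mapping[str, Any]) -> str:
    """Format a single event through the formatter without touching global
    logging configuration; returns the JSON line that would be written."""
    record = logging.LogRecord("app", logging.INFO, __file__, 0, message, None, None)
    record.fields = fields
    return AllowlistJsonFormatter().format(record)


# Constructed sample event: a request handler dumped the whole parameter map,
# including an e-mail address and the client IP, into the log call.
SAMPLE_EVENT = {
    "request_id": "req-0001",
    "method": "GET",
    "path": "/search",
    "status": 200,
    "duration_ms": 42,
    "client_ip": "203.0.113.7",
    "params": {"q": "gdpr logging", "page": 2, "email": "alice@example.com"},
}

if __name__ == "__main__":
    print(render_event("request handled", SAMPLE_EVENT))
```

Running it prints one JSON line in which `client_ip` and `params.email` read `[redacted]` while `request_id`, `status`, `params.q` and `params.page` survive. Because the allowlist is consulted at every level, widening it later (adding a key) is a deliberate, reviewable change, whereas a new parameter appearing in a request changes nothing about what gets logged.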