by _o_ 2996 days ago
Unclear regulation? I am encountering this over and over again. Let's clear the unclarity...

If you have my data, you will handle them in the same manner as you would handle yours. You are not selling yours to get higher prices when buying something online? You are not selling your email account to spammers to get a lot of worthless emails to your email account each day? ... Now you won't do it with my data either. It is so simple, you don't need any clarification. No special law or directive, no studying of GDPR... it just works. Oh you want me to receive unsolicited emails for your profit? You want me to get tracked? ... I will personally take care that you get a punishment and/or sue you personally.

What is so complicated here? Act in the best interest of your customers, regarding the personal data, and you are safe, over the whole EU. I don't understand what the problem is unless you are NOT ACTING IN THEIR BEST INTEREST, then it becomes vague (you need a way to circumvent GDPR, but you can't as it is not an IRS list but a conceptual law). Anyone having a problem with GDPR already knows the answer that solves the "problem". But wants to continue his habits.

Just state your problem and I will answer you with advice on where you won't get punished for breaking GDPR, just ask. But you won't, right? You know the answer, but you need a way to avoid it. Won't work.


I fully agree with you, but there are many technical services/platforms that assume things that are not compatible with that thinking. Those will have to change, but they are still not up to speed.

Let me preface my question with the statement that I mostly love the GDPR, and I think it greatly improves privacy and digital rights and I will exercise some of those rights come May 25th against companies that I feel have needlessly collected data on me.

That said, I (as a data controller) think that in many cases the guidelines are very weak or undefined on subjects like logs or backups. I (as a private individual) think that any deletion request should automatically apply to logs and backups, but also I (as a data controller and...) as an operator of a service see it as a problem to have backups be mutable and have large swaths of data need to be deleted from backups and logs.

Is there any way to reconcile these ideas?

Sorry for the late reply. For old data, the easiest way is to burn the tapes and make new backups. Now about new backups, here it becomes nasty as typically they aren't organized granularly enough (but you also need this for exporting the data on user request, so you just need to do it). Instead of backing up the whole databases, back up each user's data separately, maybe database partitioning, table inheritance (postgres) or something else, hard to be specific here. Once you did that, back up the data by encrypting them with a random key (long enough, we are using 32 bytes of random garbage) for each user while storing those keys on simply modifiable storage, cloud, whatever in triplets. Once the user requests data deletion, just destroy the key. We did it this way and it is a great solution (and we DID burn the tapes literally, luckily we have business data separated physically from everything else from the start).

Logs are destroyed each week and the customer will be notified. Also we anonymize IPs and reverse lookups by hashing them, while we still can identify the same visitor.

I hope I was helpful :)

If you're really destroying your logs each week you're not meeting a lot of regulatory requirements, such as PCI if you accept credit cards.

Most security-oriented regulations, and indeed so-called "best practice", require keeping logs for security auditing purposes for at least a year if not longer. They're often the only tool you have to detect when and how a breach began.