by jtl999 2955 days ago
`tail /var/log/nginx/access.log` Oops.

Also, regarding the section of the GDPR that talks about pseudonymization using a token: how should my user DB table be GDPR compliant? It contains ID (primary key), username, password hash, email, etc., and the ID is also in other DB tables for obvious reasons (such as user posts/actions).

1 comments

I think it can simply be GDPR compliant if you inform your users that you are saving that data in your database, and they give you the explicit OK to do so. Explicit consent meaning they tick a checkbox saying "I understand that page x is saving the data y in a database and I am OK with it".

If you have a site where users can make posts, I'd say they pretty much give you consent by signing up. IANAL, though.

The consent has to be explicit. Of course, you can always just require consent in order to sign up. Just as long as it's clear what's going on and you can remove/anonymise the data if the user decides to revoke their consent and leave the service.

OK, but explicit in what sense? Does it have to refer to the GDPR, as in "I agree my data will be stored according to GDPR"? I must admit I have trouble understanding it - how could anybody sign up anywhere without data being stored?