[oneplane]

There is nothing non-compliant about that. You seem to misunderstand essential vs. data hoarding for advertisement purposes. If you were to keep that data forever, sell it to third parties or profile users based on that logging data, not tell them about it, then yeah, you'd be violating the GDPR.

For normal operation system logging is pretty much a requirement for essential operation. That includes most properties of a connection like IP, UA, date, time, URI etc.

[Semiapies]

Which is the answer I see all of 50% of the time. Then, I see "Well, actually it is non-compliant because yadda yadda". My company isn't going to hire international compliance experts to review the operations of every public website we run, and we don't have any that need European visitors. So, best to just block them.

[oneplane]

But what about national compliance experts, do you hire those? Because you have a lot more national compliance on your plate than international...

[Semiapies]

That just emphasises how worthless it would be to spend effort to make sure we're compliant with GDPR. We have better things to do.

[oneplane]

And that just emphasises how much you'd rather not worry about user data or telling users about it. You have money to make off of it?

[Semiapies]

Meaning what? Our time is finite. Time we spend trying to comply with European regulations, when we have no European presence and seek no European customers, is time taken away from everything else we need to do—including complying with the actual laws we live under.

[spullara]

Without it documented why I am collecting it, how I use it and how I store and delete it, it is non-compliant that I am collecting it at all. I think that you are assuming that they know it is being collected and that they are supposed to use it for something. They don't. It is not essential at all to the operation of the service if you don't actively monitor it. Saying it could potentially be used for some kind of security function seems like a CYA if you aren't actually doing that.

Do you disagree with this TLDR of the regulation?

https://www.smartsurvey.co.uk/articles/gdpr-compliant-with-d...

Without a bunch of work that hasn't been done I seriously doubt that they can give Right to Access, Right to be Forgotten, Data Portability, Privacy of Design and it does clearly state it is Personal Data.