Hacker News
by gchambert 2026 days ago
Processing PII doesn't need consent if it's necessary to provide the service. Keeping logs fits in this category: to run a website, you need the ability to debug problems and analyze fraud and attacks. Moreover, you have the responsibility to protect your users, and hence to be able to analyze attacks and block malicious IP addresses. And lots of countries have laws that make it mandatory to keep these logs in case the police need them (e.g. France, 1 year mandatory retention).

To make this processing legal, GDPR demands that you inform your users, minimize the amount of PII, anonymize as soon as possible, and most of all not use this PII for other purposes.