[closewith]

Whatever about relying on legal advice for your own retention policy, it seems unwise to make sweeping generalisations packaged as guidance on GDPR For Developers By Example.

For one thing, as with any legislation, simplifying it to a limited number of examples is guaranteed to lead to error by omission. I'm sure that you've noticed that when legal firms post guidance about the GDPR (and in private correspondence like you would have received in your own conversations with lawyers), they are never as definitive or absolute in their advice as this blog post is.

>And on deleting logs, the law literally says archival reasons.

Where in the Regulation are you referring to? Are you referring to archiving in the public interest?

> But also, there is a technical feasibility exception too.

There is no technical feasibility ("disproportionate effort"/"impossibility") exemption for the right to deletion. Whether a company can use such an argument as a successful defence has not yet been litigated.

> The legitmate interest for knowing what went on in your system for logs doesn't isn't just for helping the user. Knowing why there was a traffic spike, what happened in the past, etc is important to know how properly handle your business, this is a legitmate need for a company. Again, lawyers told me this.

To rely on the legitimate interest basis, you need to demonstrate that the processing is necessary to fulfil that interest and that it is balanced against the data subject’s interests, rights, and freedoms. It may be a valid basis, but it's certainly not definitive.

All in all, I feel that it may be better from all involved if you refrain from giving advice on the GDPR. I'm sure your lawyers will thank you.

[that_guy_iain]

I like this reply. Thanks for it.

> For one thing, as with any legislation, simplifying it to a limited number of examples is guaranteed to lead to error by omission. I'm sure that you've noticed that when legal firms post guidance about the GDPR (and in private correspondence like you would have received in your own conversations with lawyers), they are never as definitive or absolute in their advice as this blog post is.

You'll notice they never concrete advice on anything really. For the same reason no matter how strong your case is they'll always tell you that you might lose. Lawyers say lawyer things.

[Aerroon]

And yet whenever the negatives of GDPR comes up in discussions someone is there to always ensure everyone that "don't X, it's just that easy". It really really doesn't appear to be that easy.