|
|
|
|
|
|
by jai_
1216 days ago
|
|
|
No that is not how the GDPR works. It would be illegal specifically if you _collected and stored_ the IP address information from the phone home requests to process in some form later. If you simply process the web request, and don't store the IP address then there it no issue. If you do end up storing IP address in a log somewhere, then simply having the logs deleted in a documented and reasonable timeframe will be enough. "Documented and reasonable timeframe" is intentionally vague since business requirements are varied, but if you can justify whatever you come up with, then there is no issue. Simply do not hold onto user data for longer that what is required for the purposes of the user request. That's it. |
|
|