by slackner 1206 days ago
There are a few justifications that allow you to process PII. One of them is to fulfill a contract (e.g. storing the address when a user purchases a product). The same justification is also used to store IPs in logs as you might need this information to debug issues or report illegal activity to authorities.

The same reasoning cannot be applied to analytics as there is no technical or legal requirement to have them and they are rather an optional add-on. Moreover, there is also a restriction on how long you are allowed to retain logs that have PII in them. You must not store them any longer than required (or anonymize them). I think 7 days is a commonly used limit for this.