GDPR compliant logging

When talking about Personally Identifiable Information (PII), we are talking about strong and weak user identifiers. A strong identifier is, for example, a username or email address. A weak identifier is an IP address, browser user agent, cookie, or session id. A combination of weak identifiers gives us a strong user identifier.

When saving log events, you cannot simply save the customer IP address, browser user agent, or cookie id in the web server or cloud log. Saving personal records as-is in logs makes your system not privacy-compliant unless you do one of the following:

  • Apply a short log retention policy: automatically remove log events older than a few weeks or up to one month.
  • Encrypt all strong and weak identifiers before saving them in the log files.
  • Use a session token generated by Databunker in your logs.

What is so special about the Databunker session token?

Databunker can generate a special session token to save in the server log files. Databunker provides an additional API that makes the session info accessible without an additional password for a limited time, for example one month.
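The token-in-logs pattern described above, as an added example that is not Databunker's code or API: identifiers are held outside the log under a random token that stops resolving after a limited time, and log events carry only the token. `SessionVault`, `sanitize_event`, the field names and the sample event are assumptions made for this illustration.

```python
import re
import secrets
import time

# Field names treated as identifiers (assumed names for this example).
PII_FIELDS = ("username", "email", "ip", "user_agent", "cookie", "session_id")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


class SessionVault:
    """Hypothetical in-memory token store; a stand-in, not the Databunker API."""

    def __init__(self, ttl_seconds):
        self.ttl = ttl_seconds
        self._store = {}

    def create(self, identifiers, now=None):
        """Keep the identifiers outside the log and return an opaque token."""
        now = time.time() if now is None else now
        token = secrets.token_hex(16)
        self._store[token] = (now + self.ttl, dict(identifiers))
        return token

    def lookup(self, token, now=None):
        """Return the identifiers while the token is valid, else None."""
        now = time.time() if now is None else now
        expires, identifiers = self._store.get(token, (0, None))
        if now >= expires:
            self._store.pop(token, None)  # expired: drop the personal data
            return None
        return identifiers


def sanitize_event(event, token):
    """Strip identifier fields from a log event and attach the token instead."""
    clean = {k: v for k, v in event.items() if k not in PII_FIELDS}
    if isinstance(clean.get("message"), str):
        clean["message"] = IPV4.sub("[ip]", clean["message"])
    clean["session_token"] = token
    return clean


if __name__ == "__main__":
    vault = SessionVault(ttl_seconds=30 * 24 * 3600)  # one month, as in the text
    # Constructed sample event; 203.0.113.7 is a documentation address.
    raw = {"ip": "203.0.113.7", "user_agent": "ExampleBrowser/1.0",
           "path": "/checkout", "message": "login from 203.0.113.7"}
    token = vault.create({k: raw[k] for k in PII_FIELDS if k in raw})
    print(sanitize_event(raw, token))
```

Create the token once per session and reuse it for every event in that session, so log lines stay correlatable without carrying the identifiers themselves.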

Additional info

For an in-depth review of different methods to make your logs GDPR compliant, take a look at the following article:

https://www.freecodecamp.org/news/how-to-stay-gdpr-compliant-with-access-logs/
