GDPR compliant logging

Personally Identifiable Information (PII) covers both strong and weak user identifiers. A strong identifier is, for example, a username or email address. A weak identifier is an IP address, browser user agent, cookie, or session id. A combination of weak identifiers gives us a strong user identifier.

When saving log events, you cannot simply save the customer IP address, browser user agent, or cookie id in the web server or cloud log. Doing so makes your system non-compliant with GDPR unless you do one of the following:

  • Short log retention policy - automatically remove log events older than a few weeks or up to one month.
  • Encrypt all strong and weak identifiers before saving them in the log files.
  • Use a session token generated by Databunker in your logs.

What is so special about the Databunker session token?

Databunker can generate a special session token to save in the server log files. Databunker provides an API to retrieve the session info out of Databunker without an additional password for a limited time, for example one month.
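
The pattern described above, as an added example that is not Databunker code: a Python logging filter moves the weak identifiers out of each log record into a token store and writes only a random token to the log. `TokenVault` is a hypothetical in-memory stand-in for the token service, the field names `ip`, `user_agent` and `session_id` are assumptions, and the request data is constructed.

```python
import io
import logging
import secrets
import time

class TokenVault:
    """In-memory stand-in for a token service (hypothetical, not Databunker's API)."""
    def __init__(self, ttl_seconds):
        self.ttl = ttl_seconds
        self._store = {}  # token -> (expires_at, identifiers)

    def create(self, identifiers, now=None):
        now = time.time() if now is None else now
        token = secrets.token_hex(16)  # random, so the token itself reveals nothing
        self._store[token] = (now + self.ttl, dict(identifiers))
        return token

    def lookup(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._store.get(token)
        if entry is None or entry[0] <= now:
            self._store.pop(token, None)  # expired: the identifiers are deleted
            return None
        return entry[1]

class TokenizeFilter(logging.Filter):
    """Moves weak identifiers off the log record and into the vault."""
    FIELDS = ("ip", "user_agent", "session_id")  # assumed field names

    def __init__(self, vault):
        super().__init__()
        self.vault = vault

    def filter(self, record):
        found = {f: record.__dict__.pop(f) for f in self.FIELDS if f in record.__dict__}
        record.token = self.vault.create(found) if found else "-"
        return True

def demo():
    vault, out = TokenVault(ttl_seconds=30 * 24 * 3600), io.StringIO()
    handler = logging.StreamHandler(out)
    handler.setFormatter(logging.Formatter("%(levelname)s token=%(token)s %(message)s"))
    handler.addFilter(TokenizeFilter(vault))
    log = logging.getLogger("gdpr_demo")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    # Constructed sample request data (documentation-range IP address).
    log.info("login ok", extra={"ip": "203.0.113.7", "user_agent": "ExampleBrowser/1.0",
                                "session_id": "abc123"})
    return vault, out.getvalue().strip()
```

Once the retention window passes, the token left in old log lines no longer resolves to any identifier, so the log files themselves do not need to be rewritten.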