enter a valid email wrote: ↑
Mon Sep 09, 2019 1:55 pm
The problem some Information must be stored by Law for a long period of Time like offers and other who I could ne translate well.
Like a Bill who must be stored for 6 Years here. The include often Multiple Personal Data.
True, the GDPR explicitly allows to be uverruled by any other law that requires a entity to store data. Tax and banking laws being the most prominent.
But there is no regulation that requires you to store IP addresses of users when they login, nor is there any reason to log their activity in the phpBBs logs for an indefinite amount of time. In any case, these information has to be machine readable, exportable, and deletable to comply with GDPR, so for full compliance these entries have to be anonymised, at least.
Same goes for web server logs.... if they aren't needed for debugging, there is no legitimate reason to keep them longer than necessary.
I don't know what "necessary" is, nobody does until there are the first court rulings, whoever my form tells me that on Thursday 27. Oct 2011, 15:40 user Hamisch from IP 130.83.xxx.xxx added the user "Turm" to group "Kust Lag".
I can see, that this information provides some information, but the IP really doesn't give any meaningful aspect any more. And if either Hamisch or Turm were to request of deletion of the personal information phpBB doesn't provide the means to anonymise their entries in the logs, or does it ?