Contributor

GDPR - Right to forget

Currently doing a GDPR course, am running Identity Awareness, and wondering how I would handle a request to forget in my logs. My associates in Europe must have run across this already... what have you done? Thank you in advance.

Admin

In essence, this is a legal question, not a technical one. But there are some things that you can address with tech means.

1. Configure admin profiles that hide user identities for regular admin accounts. Configure another emergency profile with full permissions. Only use the emergency profile in case of an escalated security breach.

2. Configure a reasonable log rotation and destruction policy. Mind that certain regulations require you to keep log history for an extended period of time.

3. Consult with lawyers. The right to forget only applies to specific cases and is not absolute. You are allowed to keep security logs for specific purposes, under the condition that user identities are not available by default. This depends on your business and industry data. Legal counsel here is a must.