Well they’re not. The GDPR says it’s fine to “forget” about users, while the French law says you must keep all connection data for at least one year. In this condition, I host outside France, and “forget” to log IPs. In the past I had /var/log mounted at a tmpfs, so a reboot or seizure of the hardware would erase the logs. That’s the best solution IMO, except for legal reasons. What’s your log policy?
Hey @anap, this counts as a log policy, but I had in mind to develop on implemented solutions. What’s the minimum legal logs that are imposed to all the signatories of this wonderful policy, and how to implement those? Can you develop on the implementation stack?
BTW, the sentence “This is exactly what is happening no with your email…” should read “now with…”