Questions tagged [gdpr]

General Data Protection Regulation (GDPR), EU regulation 2016/679

The European Data Protection Regulation (GDPR) will be applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe.

  1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
  2. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
  3. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.
14 questions
28 votes, 6 answers

Have a system that expires SSH keys every 90th day

I have a customer that now requires us to change every password every 90th day due to their interpretation of GDPR. That's fine for the web-based system we develop for them because we can just implement those rules. But they also require us to…
mr D
11 votes, 1 answer

Can you help me with my GDPR issue?

This is a Canonical Question about interpreting the GDPR as discussed on meta. While Server Fault may help you when you have a specific problem on implementing something related to the regulation, general questions about GDPR compliance are too…
Esa Jokinen
7 votes, 2 answers

Is it still allowed to have log files under the new GDPR?

Is it still allowed to have server access log files under the new GDPR? Because the gathering of IP addresses is not allowed, I can imagine that system operators are in violation of the law in countries where the GDPR is active. Edit (thanks to…
C.A. Vuyk
6 votes, 1 answer

How to create a GDPR compliant HTTP server access log with focus on remote IP anonymization and nginx?

EU's General Data Protection Regulation (GDPR), and the German DSGVO implementation, are very strict when it comes to individual-related data (such as IP addresses). However, this question is not about the GDPR, but how to implement the regulation…
burnersk
4 votes, 1 answer

Configuring NGINX for GDPR (= RGPD, DSGVO) compliance using anonymized IPs on older log files

The European General Data Protection Regulation Law (GDPR) aims to protect end users' privacy. Among many other consequences, system administrators are therefore obliged to configure their systems in a way that they do not store IP addresses for…
Mischa
2 votes, 0 answers

How to prevent the client IP address from being written to nginx error log

I can use log_format to remove the client IP from being written to the nginx access log. However, the error log always seems to include the client IP: 2018/05/18 15:43:55 [crit] 1234#1234: *1014 stat() "/var/www/initech/widgets.js" failed (13:…
2 votes, 1 answer

How to set up logrotate with GPG to encrypt for GDPR?

As per GDPR all private data should be encrypted, so I need to encrypt all logs and retrieve them for auditing. I have chosen to perform the encryption during log rotation and to use GnuPG as my encryption method, but don't know how to invoke the…
1 vote, 0 answers

Emails from my server are considered as spam on hotmail

Well, all is in the title. How to be removed from their spam list? We don't use an external email provider for now. We respect email good practices: signed email, unsubscribe link, dest email... Here are different tests, nothing bad reported:…
Tokeeen.com
1 vote, 0 answers

NGINX: Map IP to ASN

In preparation for GDPR I want my NGINX to not log IPs any longer, but log the AS number. To map the IP to an AS number, I would use the BGP datasets from RIPE, and import them into a MySQL table. But: How do I map the data inside NGINX? Is the…
margau
1 vote, 1 answer

Providing total user anonymity in an Azure web application

For a potential project, we are tasked with developing a website (API/SPA principle) which has a paramount requirement of keeping personally identifiable information (PII) about its visitors anonymous, and the data they provide encrypted at rest.…
Alex
0 votes, 1 answer

How to delete all information belonging to an ejabberd vhost?

Deactivating an ejabberd vhost is easy. In the simplest case, just remove the entry from the hosts section in /etc/ejabberd/ejabberd.yml. I presume this does not delete any information about the users related to that host: Username Password (if not…
0 votes, 1 answer

How to make grafana GDPR compliant

Running Grafana v5.0.0-beta1. Grafana collects stats on user logins to Grafana projects. EU GDPR legislation (from May 25th 2018) has strict regulation concerning PII (personal identifiable information). Does anyone know what info Grafana collects…
Compendius
0 votes, 1 answer

How should a US based server avoid GDPR?

The last time I built a serious website was back in the early 90s. Web construction back then was straightforward -- build the site and publish for the world to access. Today's web technology has vastly improved, but various artificial impediments…
Charles T.
-1 votes, 1 answer

MySQL 5.7 and GDPR

Hello! I know how GDPR requires me to hide all personal data and make it impossible to get a match on any living person with any combination of the tables' records. But do any of you have experience with setting up the server itself GDPR ready? I mean…
Bert