We are compliant:
-us, NinTechNet: we don’t collect any personal data from your clients.
-our plugin, NinjaFirewall: it saves IP addresses to the firewall log, and they can be anonymized by enabling the “NinjaFirewall > Firewall Options > IP Anonymization” option.
that’s good news, thanks for the answer.
Using a web application firewall which stores IP adresses to avoid attacks is a legimitate interest in relation to Article 6 GDPR. Especially because the GDPR demands state of the art security measurements for IT security.
Instead of anonymyzing IP adresses I would suggest that deleting the logs after X weeks would be a more appreciate feature.
I’ll check for the log deletion (so far, only the Premium version has an option to delete it), but we were checking whether we could encrypt the log during its rotation. That’s not easy to do because there are two options, “Centralized Logging” and the fact that it is possible to combine all logs from different sites, that aren’t really compatible with it yet. If we can’t encrypt it, we’ll offer to delete it.