GDPR in logs

June 15, 2017

A GDPR view request generally is based around data of the user with one can identify a single person. There is data like first name and last name together with an email address which makes a pretty high chance to identify a person. I thought of just grepping for the first name and last name and any other identifiable data we got in our logs. Something like

fgrep -R "Homer Simpson" /var/log

But then of course the first name and last name could be split up. So something like this would fit better:

fgrep -R "Homer" /var/log | grep "Simpson"

Also i would run this for every id like an email address:

fgrep -R "homer@simpson.com" /var/log

This covers up the logs for now in a simple way. Of course it gets more complicated. :)