GDPR Scaremongering

With GDPR about to launch, the number of so-called experts creeping out of the woodwork is just insane. GDPR scaremongering is rife, with clowns saying this or that will happen when they haven’t a fucking clue what they are on about. In my opinion, I would guess that if this is going to be policed anytime soon then the Government will go after the large companies who are not compliant. The small businesses out there trying to make ends meet are not likely to be on the radar, as there are millions of websites out there and it will be impossible for anyone to police every one of them anytime soon.

It’s another fucking Government tax

These ruthless bastards have nothing better to do than come up with a new law and look to fine businesses to generate some more money that will end up being ploughed into no good. Any way to generate revenue seems to be the thinking behind this. How it will ever be policed properly is anyone’s guess, but given the amount of shit that’s online I would hang fire before shitting your knickers and see how this pans out. It will not be the end of the world, and websites will still remain live despite the fact that they are not GDPR compliant.

Benefits of GDPR?

  • No more whois data being released
  • No more spamming from idiots
  • We get to charge people to add privacy policies
  • We can make up some shit to look like an authority in this niche
  • We can regurgitate some shit from someone else and make it sound like my own

Server Logs Part of GDPR?

Personal data in server logs

The default configuration of popular web servers, including Apache Web Server and NGINX, collects and stores at least two of the following three types of logs:

  1. Access logs
  2. Error logs (including processing-language logs like PHP)
  3. Security audit logs (e.g. ModSecurity)

All of these logs contain personal information by default under the new regulation. IP addresses are specifically defined as personal data per Article 4, Point 1; and Recital 49. The logs can also contain usernames if your web service uses them as part of its URL structure, and even the referral information that is logged by default can contain personal information (e.g. unintended collection of sensitive data, like being referred from a sensitive-subject website).

If you don’t have a legitimate need to store these logs, you should disable logging on your web server. You’re not even allowed to store this type of information without having obtained direct consent from the persons it is about, for the purposes you intend to store it for. The less customer information you store, the lower the risk to your organisation.
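Where the logs are needed, the three fields named above (IP address, usernames, referrer) can be cut down before anything is stored. The following is an added example, not part of the original post: it assumes the combined log format and a hypothetical `/users/<name>` URL layout, and the sample lines are constructed.

```python
import ipaddress
import re
from typing import List, Optional

# Combined Log Format: host ident authuser [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "[^"]*" "(?P<agent>[^"]*)"$'
)
# Assumption: this site puts usernames in URLs as /users/<name>.
USER_PATH_RE = re.compile(r"(/users/)[^/?\s]+")

# Constructed sample lines (documentation address ranges, made-up hosts).
SAMPLE_LINES = [
    '203.0.113.57 - alice [10/May/2018:13:55:36 +0000] "GET /users/alice/settings HTTP/1.1" '
    '200 512 "https://clinic.example/appointments" "Mozilla/5.0"',
    '2001:db8:85a3:8d3:1319:8a2e:370:7348 - - [10/May/2018:13:56:01 +0000] "GET / HTTP/1.1" '
    '200 1043 "-" "curl/7.58.0"',
    "not a log line",
]


def mask_ip(host: str) -> str:
    """Keep only the network part: /24 for IPv4, /48 for IPv6."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "-"  # resolved hostname or junk: keep nothing
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def scrub_line(line: str) -> Optional[str]:
    """Return the line with IP masked, auth user and referrer dropped, username redacted."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None  # fail closed: an unparsed line is never written out as-is
    request = USER_PATH_RE.sub(r"\1REDACTED", m["request"])
    return (f'{mask_ip(m["host"])} - - [{m["time"]}] "{request}" '
            f'{m["status"]} {m["size"]} "-" "{m["agent"]}"')


def scrub(lines: List[str]) -> List[str]:
    return [out for out in map(scrub_line, lines) if out is not None]


if __name__ == "__main__":
    print("\n".join(scrub(SAMPLE_LINES)))
```

The user-agent string and any query string in the request are passed through unchanged here, so a site that carries identifiers in either would need to extend the scrubber.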

What the Fuck Else is Part of GDPR?

No-one actually fucking knows. Until they start taking action against people, this is all rumour spreading and scaremongering. It seems quite clear that the goalposts for GDPR move on a daily basis, and it’s also a bit like a game of Chinese whispers where every fucker out there adds his own little bit onto the rules and then people start to believe this shit. My advice to you all would be to ensure that you keep up to date with what’s going on, use someone else’s privacy policy for the time being, see how the land lies and then tweak your policies.