Guest user Created: Aug 20, 2019 Last commented: Aug 20, 2019

GDPR and processing of personal data

1. We have a subscription based service that stores a users identifying information as well as a transaction history. As this information is only used internally, and is not shared outside of the company, are we still forced to abide by GDPR?

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Aug 20, 2019

Answer:

The GDPR applies regardless if the personal data is processed internally or shared with third parties outside the company.

2. Also, are we able to stored IP addresses for the purpose of mitigating DDoS attacks or must we anonymize or use GEO location

Answer:

You may be able to retain IPs based on "legitimate interest" for security purposes such as DDoS attacks. However, the users need to be informed about the processing of their personal data according to art. 13 an 14 of the EU GDPR.

If you need to find out more about the EU GDPR please check out this EU GDPR Foundations Course https://advisera.com/training/eu-gdpr-foundations-course//

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Aug 20, 2019

Expert Advice Community