The GDPR impacts any business that engages with individuals or other businesses located within those boundaries.
A website server log is a record of website activity, which is automatically generated by your web server provider. Site logs capture information such as:
In addition to website server logs, website applications and analytics tracking platforms might also log certain more sophisticated tasks that users perform on a site, as well as changes to account information. This type of logging is similar to website server logging, but can differ on how data is collected and processed.
Take page views, for example. Server logs track all hits to a page, using server-side tracking methods. This means anything the web server recognises as a request gets logged, whether those requests come from real humans, bots, apps or other websites.
While your website or app server logs might not collect information that could personally identify a user, this information may be combined with other data (such as a username, IP address and user profile information) to do so.
In regions where the EU General Data Protection Regulation (GDPR) privacy laws apply, the IP addresses and location data tracked in website server logs are also considered personal data. Given these privacy regulations, you must disclose what types of log data you collect, how and why you intend to use it, and any third parties you may share it with.
Now that you understand how website logs work, you’ll be better equipped to use this unique source of data while protecting your users’ privacy.