
[1] Document long-term retention for logs

Open cristiklein opened this issue 3 years ago • 0 comments

Many regulations, including Swedish Healthcare, require a minimum of 5 years log retention.

We determined that offering long-term logs at the platform level runs the risk of GDPR non-compliance. Since logs contain personal data, retention schemes need to be carefully designed together with application-specific recovery processes. Specifically, the design needs to ensure erased personal data (Art. 17 GDPR Right to erasure (‘right to be forgotten’)) is not accidentally restored.

Acceptance criteria

  • There is a public doc page with prose and copy-paste-able code snippets explaining how to set up long-term logs on top of Compliant Kubernetes.

Non-goals

  • Please do not focus on backups as part of this issue. Swedish Healthcare regulations leave the question of retention for backups to be determined by the organization based on a risk analysis.

cristiklein Jun 27 '22 08:06