Ninja Firewall and GDPR (General Data Protection Regulation)

  • Resolved Dagmar

    (@fraudiebels)


    6 years, 8 months ago

    As Ninja Firewall is logging IP addresses, which are considered to be personal data by the EU, I would like to ask – what are the plans going to be GDPR (General Data Protection Regulation) compliant for May 2018?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    We are compliant:
    -us, NinTechNet: we don’t collect any personal data from your clients.
    -our plugin, NinjaFirewall: it saves IP addresses to the firewall log, and they can be anonymized by enabling the “NinjaFirewall > Firewall Options > IP Anonymization” option.

    Thread Starter Dagmar

    (@fraudiebels)

    Hi,

    that’s good news, thanks for the answer.

    Using a web application firewall which stores IP adresses to avoid attacks is a legimitate interest in relation to Article 6 GDPR. Especially because the GDPR demands state of the art security measurements for IT security.
    Instead of anonymyzing IP adresses I would suggest that deleting the logs after X weeks would be a more appreciate feature.

    Plugin Author nintechnet

    (@nintechnet)

    I’ll check for the log deletion (so far, only the Premium version has an option to delete it), but we were checking whether we could encrypt the log during its rotation. That’s not easy to do because there are two options, “Centralized Logging” and the fact that it is possible to combine all logs from different sites, that aren’t really compatible with it yet. If we can’t encrypt it, we’ll offer to delete it.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Ninja Firewall and GDPR (General Data Protection Regulation)’ is closed to new replies.

Tags