IP addresses are personal data according to GDPR as far as I know. Whenever customer registers, I log IP address, timestamp, other details which are given by the customer such as name, address etc. After that, when customer logs in again with the same IP address, do I have to log that login with new timestamp?If I don't log every login and when customer asks for GDPR data, I will only be able to provide IP addresses he/she was having with only one timestamp, not subsequent logins' timestamps.Is this a good implementation or wrong/inadequate in terms of regulation/law?
↧