
Logging level due to GDPR on user level

Due to GDPR, I think there will be a demand for logging users at the user level, and this on the server.

The log we need is

  • Timestamp (logged on - logged off)
  • User (or PC-name)
  • Which connection it was.

As of now we haven't had any questions regarding this yet, but I think it's better to be ahead than behind.




1 Comment

Hi Reine,


I strongly recommend you consult a legal expert regarding your exact GDPR requirements. GDPR is designed to protect the personal data (such as your IP address, mailing address, phone number) of your customers, so it cannot leak or be easily stolen. It also addresses the right to delete personal data for your customers. Accessing servers or storing data in Royal TS in general is not GDPR relevant. Think about Microsoft Excel, for example. You can install and use Excel to store sensitive information like credit card information, customer information or even passwords. Microsoft has no GDPR obligations by providing the Excel application. It is, however, relevant where you store this information. If you store it on your hard disk or in your datacenter, it is your responsibility to keep this information confidential. If you store this in the cloud (OneDrive), Microsoft has to be GDPR compliant. Since we do not host anything you do in or with Royal TS and Royal Server, it is up to you to protect your Royal TS documents (using encryption and secure networks).


Auditing the access to the servers which store personal data (for example a database server with sensitive user information) might be GDPR relevant. In case you have an incident where the personal data you have stored has been leaked, you may need to figure out who accessed the data and when. In this case it’s recommended to utilize the built-in audit logs of Windows Servers or the auditing mechanism of your database system. Furthermore, the logging provided by Royal TS and/or Royal Server may not cover all the ways your system can be accessed. Your admins may still have access to those systems using different client applications or by using different gateway servers.


That being said, Royal Server’s Secure Gateway can be configured to log the following data:

  • Timestamp
  • Username / IP Address of the client
  • Target IP Address and Port

I hope that makes sense. If you have any further questions, let me know.


Regards,
Stefan
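
Added example, not part of the reply above and not Royal Apps code: one way to get the "logged on - logged off, user, source" record from the built-in Windows Server audit log the reply recommends, by pairing Security events 4624 (logon) with 4634/4647 (logoff) on their logon ID. It assumes the "Audit Logon" and "Audit Logoff" policies are enabled on the target server and that the script runs elevated there; the 7-day window, the helper name `Get-EventField` and the output file name are arbitrary choices.

```powershell
# Assumption: run elevated on the server whose access is being audited.
$since = (Get-Date).AddDays(-7)   # assumed look-back window

function Get-EventField {
    param($Record, [string]$Name)
    # Read a named field from the event XML instead of relying on property order.
    $xml = [xml]$Record.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4624, 4634, 4647; StartTime = $since
} -ErrorAction Stop | Sort-Object TimeCreated

$open = @{}   # TargetLogonId -> logon record still waiting for its logoff
$sessions = foreach ($e in $events) {
    $logonId = Get-EventField $e 'TargetLogonId'
    if ($e.Id -eq 4624) {
        $type = Get-EventField $e 'LogonType'
        # 10 = RemoteInteractive (RDP), 3 = Network; skip service and batch logons.
        if ($type -notin '3', '10') { continue }
        $open[$logonId] = [pscustomobject]@{
            User      = '{0}\{1}' -f (Get-EventField $e 'TargetDomainName'),
                                     (Get-EventField $e 'TargetUserName')
            SourceIp  = Get-EventField $e 'IpAddress'
            LogonType = $type
            LoggedOn  = $e.TimeCreated
            LoggedOff = $null
        }
    }
    elseif ($open.ContainsKey($logonId)) {
        # First logoff event (4647 or 4634) closes the session; later ones are ignored.
        $s = $open[$logonId]
        $s.LoggedOff = $e.TimeCreated
        $open.Remove($logonId)
        $s
    }
}

# Sessions with no logoff seen yet are kept, with an empty LoggedOff column.
@($sessions) + @($open.Values) | Sort-Object LoggedOn |
    Export-Csv -Path .\logon-sessions.csv -NoTypeInformation
```

The resulting CSV contains user names and source IP addresses, so it is itself personal data and needs the same access control and retention handling as the systems it describes.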
