The CNIL even included recommendations for general logging procedures which have included traceability, risk mitigation, and data minimization principles. There were targeted suggestions for specific companies regarding the logging practices. All the recommendations reflected the CNIL authority which aimed to strike a balance between surveillance, security, and risks.
The recommendations made by the CNIL have certain important advice. It advises the logging measures to ensure that the users get authorized access to information systems between 6 months and 1 year. The technical call and organizational measures are implemented to reduce the risk of logging data. A system is recommended by the CNIL which has to be implemented to analyze the data collected in the short term to meet security purposes. The retention of logging data is a very crucial tool highlighted by the CNIL to respect the principle of data security in the GDPR (EU). This helps in investigating incidents, misuse of data, and unauthorized access.
Besides this, CNIL has other recommendations to process subjects in internal control measures for a maximum retention period of 3 years. This is justified in certain data processing scenarios. For example, a significant threat or a legal retention obligation where case by case analysis has to be carried out to determine adequate retention.
Content Writer, WCSF