I'd be inclined to save the files I really did have a case for saving, and trash the rest. I mean, it's not burningly urgent - but if you do get a GDPR redaction request, they'd definitely count as databases containing personal data. So at least make sure they're on your ever-expanding list of things you need to keep in mind.
That SAAFE policy looks awesome, actually. Nobody knows if "30 days" for sysadmin and security purposes will be 100% legally robust - but it seems to be turning into a reasonable best practice, as far as I can tell.
In the threat model of a GDPR legal battle with a querulous so-and-so, good faith in all other practices concerning personal data will definitely get you a lot of points, and that SAAFE policy is about as safe as it can get - "we actively don't want your personal data except for functionality purposes."
(no subject)
Date: 2018-08-04 09:50 pm (UTC)