Javascript is required

Connection logs

Paul-Emmanuel Bidault
Paul-Emmanuel Bidault
27 December 2023·2 minutes read time

Logs or connection logs are records of user activities, anomalies and events linked to the security of an IT environment (software, operating system, application, website, etc.).

Their retention is mandatory in certain cases and strongly recommended for security reasons. The objective is to guarantee the proper use of the IT system.

The Frecnh data protection authority, the CNIL recommends that these technical logs or traces should be kept for a rolling period of six months to one year unless there is a legal obligation to do so or you can prove that certain risks can only be covered by extending this period.

The following table summarises the recommendations:

Minimum duration Maximum duration Conditions
Standard" logging 6 months 1 year
6 months 1 year The logs must not include personal data from the main processing operation
Logging of processing operations subject to "internal control" measures 6 months 3 years in the most common cases Demonstrate the risk of misappropriation for the data subjects and have documented analysis and investigation procedures
Logging of processing operations with specific characteristics 6 months To be defined in the case of a case-by-case analysis Existence of a specific characteristic which may, for example, be a legal obligation to retain data, a specific purpose or a threat situation which justifies an extension

What must be retained: at the very least, user access including their identifier, the date and time of their connection, and the date and time of their disconnection;

In some cases, it may also be useful to keep details of the operations carried out by the user, the types of data consulted and the reference of the record concerned.

Subscribe to our newsletter

We will send you a few emails to keep you informed of our news and what's new in our solution

* You will always be able to unsubscribe on each newsletter. Learn more.