> On 27 May 2018, at 21:41, Owen DeLong <o...@delong.com> wrote: > > The way GDPR is written, if you want to collect (and store) so much as > the IP address of the potential customer who visited your website, you > need their informed consent and you can’t require that they consent as > a condition of providing service.
What we were told is that since security > GDPR, storing IPs in logs is obviously OK since it’s a legal requirement. Storing them in a database for targeting / marketing is not. What is a gray area so far is any use of IDS/IPS… +