Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The regulatory costs of GDPR mean that for every piece of log data, you want to think about whether or not you really want to keep it.

If you don't have a good business case for keeping it, you're often better off erring on the side of deletion.



Both the breach and the fix happened months before GDPR went into effect, though.


Generally you want to build systems in compliance of future regulations before they kick in. GDPR at big companies is a multi year effort.


Even before the GDPR, Google had to contend with the NSA / GCHQ illicit access events and the China hack.

They had plenty of experience to suggest to them that keeping highly-detailed logs around indefinitely could do more harm to their users than good.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: