Last updated 2026-06-05


Log anonymization for GDPR: Keep your debugging capabilities

Application logs quietly accumulate user emails, IP addresses and account numbers. Here is how to share logs with third parties, vendors and observability tools without violating GDPR.

June 5, 2026 · 7 min read
JSON logs, GDPR compliance, DevOps privacy, log anonymization, data minimization

PII hides in application logs

Application logs are one of the most overlooked GDPR surfaces in engineering. Not because engineers ignore the law, but because user details enter log files by accident.

A single JSON request log can contain four PII fields:

{
  "timestamp": "2025-11-14T09:22:13Z",
  "level": "ERROR",
  "endpoint": "/api/users/profile",
  "user_email": "sarah.johnson@company.com",
  "client_ip": "82.123.45.67",
  "user_agent": "Mozilla/5.0",
  "error": "ValidationError: phone format",
  "input_value": "+49 176 1234 5678"
}

This single record contains an email, an IP and a phone number. Multiply that across millions of daily API calls. The result is a large-scale PII processing activity. It needs a legal basis, limits and controls.

Sharing logs with third parties raises GDPR risk

Teams regularly share log files with external parties:

  • Penetration testing firms receive records to map application behavior
  • External consultants use log samples to find slow spots
  • Log platforms (Elastic, Datadog, Splunk) ingest full output streams
  • SRE contractors access records during incidents
  • Development teams in other legal entities receive files for debugging

Every share raises GDPR Article 28 questions. Is the recipient a processor? Is there a Data Processing Agreement? Do they have a legal basis to see user details in these files?

Log platforms are a common gap. Sending output with real user emails and IP addresses to Elastic Cloud or Datadog creates a processor relationship. That relationship needs a DPA, standard clauses and a transfer mechanism if the platform is based outside the EU. Each of these takes time and legal review.

The simpler path: remove user details before the files leave your system. Read our compliance guide for the full Article 28 rules.

Why JSON structure complicates detection

JSON log files vary in structure. Generic text scanning is not enough.

Nesting depth: User details appear at any depth. The field request.headers.x-forwarded-for contains IP addresses. The field response.body.errors[0].field_value may contain user input. Flat text scanning misses fields buried in nested paths.

Inconsistent schemas: Every API endpoint produces its own output shape. Authentication files look different from payment files. Profile update files look different from both. A fixed-path approach misses user details that appear on unusual paths in error contexts.

Technical values mixed with PII: Stack traces, error codes and timestamps must stay intact. Blanket deletion wipes out needed fields and makes the file unusable.

The right approach is content-based detection. Find user details by what they are (an email pattern, an IP format, a named entity), not by where they sit in the structure. This handles variable schemas without per-endpoint configuration.

Consistent replacement keeps logs useful

The key requirement is referential integrity. If sarah.johnson@company.com appears in 47 records across a request chain, all 47 must map to the same value.

Mapping rules:

  • sarah.johnson@company.com -> user1@example.com (same value throughout the file)
  • 82.123.45.67 -> 192.0.2.1 (RFC 5737 documentation IP, clearly not real)
  • +49 176 1234 5678 -> +49 XXX XXX XXXX (masked)

With this mapping a developer can follow user1@example.com across 47 records, reconstruct the request chain and fix the bug, without seeing any real user details.

These metadata fields stay unchanged:

  • Timestamps (not user data)
  • Error codes and types (not user data)
  • Stack traces (may contain technical IDs, not user data)
  • HTTP methods, paths, status codes (not user data)
  • Metric and latency values (not user data)

The result is a file that works for debugging. It contains no real user details. See our glossary for the difference between anonymization and pseudonymization under GDPR.
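The content-based detection and consistent replacement described in the two sections above, as an added Python example that is not part of the original article or the vendor's product. The regexes, the Pseudonymizer class and the sample records are constructed for illustration, and named-entity detection is left out.

```python
import ipaddress
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PHONE_RE = re.compile(r"\+(\d{1,3})(?:[ -]?\d{2,4}){2,4}")  # simplistic, needs "+"
DOC_NETS = ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")  # RFC 5737

class Pseudonymizer:
    """Finds PII by content, not by field path; one stable mapping per run."""
    def __init__(self):
        self.emails, self.ips = {}, {}
        self._pool = (h for n in DOC_NETS for h in ipaddress.ip_network(n).hosts())

    def _email(self, m):
        key = m.group(0).lower()
        return self.emails.setdefault(key, f"user{len(self.emails) + 1}@example.com")

    def _ip(self, m):
        ip = m.group(0)
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            return ip  # dotted number that is not an address: leave untouched
        if ip not in self.ips:
            # 762 documentation addresses; next() raises StopIteration when used up
            self.ips[ip] = str(next(self._pool))
        return self.ips[ip]

    def scrub(self, node):
        # Recurse through dicts and lists; rewrite only string leaf values.
        if isinstance(node, dict):
            return {k: self.scrub(v) for k, v in node.items()}
        if isinstance(node, list):
            return [self.scrub(v) for v in node]
        if not isinstance(node, str):
            return node  # numbers, booleans and null stay as they are
        s = IPV4_RE.sub(self._ip, EMAIL_RE.sub(self._email, node))
        return PHONE_RE.sub(lambda m: f"+{m.group(1)} XXX XXX XXXX", s)

SAMPLE = [  # constructed records with two different schemas
    {"timestamp": "2025-11-14T09:22:13Z", "level": "ERROR",
     "user_email": "sarah.johnson@company.com", "client_ip": "82.123.45.67",
     "input_value": "+49 176 1234 5678"},
    {"timestamp": "2025-11-14T09:22:14Z", "status": 422,
     "request": {"headers": {"x-forwarded-for": "82.123.45.67"}},
     "response": {"body": {"errors": [{"field_value": "sarah.johnson@company.com"}]}}},
]

def scrub_records(records):
    p = Pseudonymizer()  # one instance per file keeps the mapping consistent
    return [p.scrub(r) for r in records]
```

Four-part dotted version strings (for instance inside a user agent) are valid IPv4 literals and are rewritten too, so fields that must survive verbatim need an allow-list. The mapping tables held by the instance re-identify users and must stay internal with the raw files.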

Use case: Sharing logs for penetration testing

A SaaS company ran a quarterly security review with an external penetration testing team. The scope required 90 days of production API output to map authentication flows and analyze error patterns.

Raw volume: 180 MB of JSON files. PII count: 4,200 unique user emails, 1,800 unique IPs, 340 partial account numbers in error contexts.

Without removing user details first, sharing these files would have required:

  • A DPA with the penetration testing firm
  • A GDPR Article 46 transfer mechanism (the firm was based outside the EU)
  • A review of data subject notification

Each of these adds legal work and time.

With PII masking applied:

  • Processing time: 25 minutes for 180 MB
  • Output: 180 MB of structurally identical files, all emails and IPs replaced with safe values
  • Result: the penetration testing team got full context; no real user details reached them
  • GDPR outcome: no DPA needed, since anonymized output is not user data under GDPR

See our FAQ for common questions about what counts as anonymous under GDPR.

Integrating PII masking into CI/CD

For teams that share output regularly, this step can run inside existing pipelines.

Log rotation:

  1. The rotation script runs nightly
  2. The masking step runs before archiving or shipping to any log platform
  3. Masked files go to external systems
  4. Original files stay internal with full retention

Pre-share script:

  1. An engineer needs to share a sample with a vendor
  2. They run the script: input=raw-logs/ output=clean-logs/
  3. They share the clean-logs/ folder
  4. No manual PII review is needed

Sidecar approach:

  1. The sidecar masks the output stream before forwarding it
  2. Real-time masking keeps the stream useful for log analysis
  3. The platform receives zero real user details

Integrating the retention policy

GDPR Article 5(1)(e) requires storage limitation. PII masking fits into any retention policy.

  • Raw output kept for 7 days (for day-to-day debugging)
  • Masked versions kept for 90 days (for trend analysis and incident review)
  • The masking step runs on day 7

This satisfies storage limitation. It removes the risk of long-term retention of raw output.
