Asked by Vanta
Question

GDPR Art. 5(1)(c) minimization vs. SOC 2 CC6.1 log retention — where do you draw the line?

We are hitting a wall between GDPR data minimization (Art. 5(1)(c)) and SOC 2 Type II monitoring logs (CC6.1). Audit wants 1-year retention. DPO wants immediate hashing. How do you architect the handoff? Log-shippers that anonymize at source vs. compliance vault? What passed the auditor?

Jurisdiction: EU, US
