Running Grafana v5.0.0-beta1
Grafana collects stats on user logins to projects
EU GDPR legistation (from May 25th 2018) has strict regulation concerning PII (personal identifiable information).
What PII does Grafana collect from users by default?
Where it is stored (e.g. database/files)?
How do I manage this data to make it GDPR compliant (e.g. remove IP addresses peridodically, disable PII stats collection etc)?
To be clear I am not referring to data I am collecting and displaying with grafana, I am solely concerned about data grafana collects on user logins to generate user access stats within projects
Thanks
If you are talking about usage statistics, then from my technical point of view (https://github.com/grafana/grafana/blob/ee973a977bdfb52c68bf9f838437a290d273b1ef/pkg/metrics/metrics.go#L349-L408) Grafana doesn’t collect any PII. They are just technical metrics (counters, version reporting, …), so you can’t apply GDPR here. Example output from collected usage statistics: http://play.grafana.org/d/000000134/stats-version-trends?orgId=1
You may have PII in the Grafana logs. But it’s your on-premise Grafana, so you know
how you manage your logs.
1 Like
Thanks for the reply.
That clears things up.
There can be also GDPR problem with various analytics tools, for example Google Analytics. Anonymized IP should be used, because user IP is PII.
