New minimum standard for logging

In an increasingly digitalised world, in which data is considered the most valuable resource, the protection and structured processing of this data plays a central role. Companies, authorities and organisations are not only confronted with growing demands on IT security, but also with strict legal requirements in the area of data protection. A central aspect of this is the responsible handling of protocol data – in particular with regard to its storage and deletion.

Retention periods and deletion concepts are therefore not just technical details, but a crucial factor for the legally compliant and secure design of modern IT infrastructures. They are particularly important in the area of protocol monitoring, where data is often processed in large volumes and with a high degree of sensitivity. Transparent and controlled handling of this information is essential to minimise risks and meet compliance requirements.

Why are storage periods and deletion concepts so important?

Article 5 of the European Union's General Data Protection Regulation (GDPR) explicitly requires that personal data may only be stored for as long as is necessary for the purpose of its processing. This requirement applies not only to obvious personal data such as names or addresses, but also to technical protocol data – such as IP addresses, user IDs or access logs – provided that these can be traced back to a natural person.

Legal protection and avoiding sanctions

A key driver for the consistent implementation of storage periods is therefore the legal framework. If data is stored longer than necessary or if structured deletion concepts are missing, there is a risk of severe penalties. The GDPR provides for fines of up to 20 million euros or 4% of a company's worldwide annual turnover – whichever is higher. In addition to these financial risks, the loss of reputation should not be underestimated. Data protection violations can permanently damage the trust of customers, partners and the public.

Security aspects

But even apart from the legal level, storage periods and deletion concepts are highly relevant from a security point of view. Old or unused data poses a potential risk – whether through unauthorised access, data leaks or malware that specifically targets archived information. Reducing the amount of data stored also reduces the so-called ‘attack surface’ of a system. The principle of data minimisation – a core component of data protection – also increases security.

Optimisation of the IT infrastructure

Last but not least, structured data storage also has economic and technical advantages: storage capacities can be used more efficiently, backup times can be reduced and monitoring processes can be streamlined. Systems that are not burdened with unnecessary legacy data perform better and are more reliable. This is an important contribution to the stability and scalability of the infrastructure, especially in highly networked and dynamic IT landscapes.

BSI requirements and log monitoring

The German Federal Office for Information Security (BSI) sets important guidelines for secure IT operations in Germany with its minimum standards. Version 2.1 of the ‘Minimum Standard for Logging and Detecting Cyber Attacks’ is particularly relevant here. This guideline specifies requirements for logging security-related events and also contains, among other things, provisions for the storage and deletion of log data.

A central element is requirement PD.2.1.04 c, which states that log data may only be stored for as long as is necessary for the respective purpose. At the same time, however, it must be ensured that data is available if needed to investigate security incidents. This results in a conflict: on the one hand, data should be deleted at an early stage, but on the other hand, its integrity and availability for forensic purposes must be guaranteed. This conflict requires well-thought-out, documented and regularly reviewed deletion concepts.

Log data typically includes information on user logins, system access, network connections, file changes and other activities. This data helps to detect anomalies, track incidents and comply with internal and external security policies. It is a central element of the IT security architecture – but it also poses a potential risk if it is stored unchecked.

The role of tools like LOMOC

Implementing legal and security-related requirements in the area of log monitoring is complex and involves a great deal of manual work – especially in heterogeneous IT environments. This is where specialised software solutions such as LOMOC come into play. LOMOC stands for Log Monitoring and Compliance and helps companies to implement retention periods and deletion requirements efficiently and in compliance with the regulations.

Automation and efficiency

LOMOC makes it possible to define granular retention periods for different types of log data and to implement automated deletion processes. This ensures that data is not stored longer than necessary – fully in line with the GDPR. At the same time, automation relieves the burden on IT departments, which no longer have to manually clean up data.

Verifiable compliance

Another advantage lies in the documentation: LOMOC can provide precise reports on what data was deleted when, on what basis this was done and what time limits were applied. Such reports are invaluable in the event of data protection audits or official requests. This means that companies can not only implement their compliance, but also prove it – a crucial aspect in the context of the accountability of the GDPR.

Resource optimisation

LOMOC helps to reduce storage requirements through targeted archiving and intelligent analysis of log data. Only truly relevant data is stored long term, while redundant or outdated information is automatically deleted or relocated. This leads to a sustainable optimisation of the storage infrastructure and can also reduce costs.

Best practices for storage periods and deletion concepts

The introduction of a functioning deletion concept should not be a one-off project, but an ongoing process. The following best practices help to establish effective and compliant data management in the area of protocol monitoring:

Analysis of the data life cycle

Before storage and deletion rules can be defined, a thorough analysis of the data life cycle is required. This should include identifying which log data is created in which systems, for what purpose it is processed and how long it is needed for this purpose. This analysis forms the basis for informed decisions and prevents data from being stored unnecessarily or for too short a period. It creates transparency regarding data flows and helps to identify and clean up redundant or outdated data sources.

Definition of clear guidelines

Based on the analysis, companies should define precise and comprehensible guidelines for the storage and deletion of log data. These must be in line with legal requirements – such as the GDPR or industry-specific regulations. Internal requirements such as retention obligations for security, audit or compliance reasons should also be taken into account. It is important that the guidelines are comprehensible and feasible for everyone involved and that they are set out in appropriate documents.

Technical implementation

Guidelines alone are not enough – they must also be implemented in a technically effective way. This requires suitable tools and systems that enable automated compliance with storage periods and deletion requirements. Tools such as LOMOC make it possible to configure rules across systems and design processes efficiently. Security aspects such as access controls and logging of deletion operations should also be taken into account. Technical implementation is the key to operational reliability and long-term compliance with the defined standards.

Regular updates

Laws, technologies and operational requirements are constantly changing, which is why storage and deletion concepts must also be regularly reviewed and adapted. New IT systems, changes to data processing procedures or amended legal requirements make it necessary to evaluate existing guidelines at set intervals. Ideally, this should be done as part of a cyclical process within IT or data protection governance. Only in this way can the concept remain permanently effective, up to date and legally watertight.

Training and awareness

To ensure that storage and erasure concepts are not just on paper but are actually implemented in everyday life, training and awareness-raising among employees is crucial. In particular, people who work with log data should be regularly informed about applicable guidelines, legal bases and technical processes. Awareness-raising measures help to create a common understanding of data protection and IT security and to avoid errors or violations in the handling of sensitive data.

Ensure auditability

An erasure concept must not only be effective, but also verifiable. This means that all processes related to storage periods and deletions should be documented in a comprehensible manner. This includes, for example, deletion logs, rule definitions, responsibilities and evidence of measures carried out. A high level of auditability facilitates internal controls, data protection impact assessments and external audits by supervisory authorities. It creates trust and serves as proof of systematic and legally compliant data processing.

Conclusion

Storage periods and deletion concepts are much more than a necessary evil for complying with legal requirements – they are an integral part of modern, secure and efficient IT operations. Particularly in the area of log monitoring, they make a decisive contribution to reducing risks, protecting privacy and complying with regulatory requirements.

With the increasing digitalisation and the associated increase in protocol data, professional data management is becoming a prerequisite for business success. Those who act quickly, take a structured approach and rely on modern tools such as LOMOC not only ensure legal security, but also technical and organisational resilience. This makes the responsible handling of data a real opportunity – for more trust, more security and more efficiency.