NGINX and Apache web server logs contain IP addresses, which are now defined as personal data and require special consideration under the EU’s new data protection regulation. Personal data should be encrypted and access should be limited. This article outlines one way you can achieve GDPR compliance with your server logs using logrotate and gnupg, and the legal basis under which you can store data without consent.