With regards to GDPR, we received the following questions regarding the use of IIS with DataMiner:
Does this web server log incoming requests and errors in a regular log file or similar?
How long are these records kept, and can this be configured?
To my knowledge, DataMiner doesn't do any supplementary logging in terms of user activity on the Microsoft IIS level as compared to the standard logging that Microsoft does with this product. So, that means that this question then boils down to standard logging done by Microsoft in IIS, and whether that is GDPR compliant (it would be surprising if it were not, I would say), how long those records are kept and whether this can be configured. This help file seems to elaborate on the standard logging features available for Microsoft IIS, and what kind of information it can store.
The first logging that starts by DataMiner is once the user is authenticated. From that point onwards, information is stored about who logged in to DataMiner, from which machine, and a broad range of activities in DataMiner (for example: which elements were accessed in DataMiner, what kind of settings were performed, what kind of changes were made to the configuration of DataMiner such as assigning an alarm template, adding elements, views, etc.). Most of this is logged as so-called information messages, although there will be traces of user activity maybe also in log files in DataMiner. The life span of all of these, both information messages and log files, are entirely user-definable.
To complement the above, and FYI, a general explanation about how DataMiner ensures GDPR-compliant processing of data can be found in the FAQ: https://community.dataminer.services/documentation/faq-general/#GDPR_compliant