IT should retain logs that show access, changes, incidents, and response actions affecting personal data.

Why this matters

Logs are critical for breach assessment and regulatory defence.

Common evidence sources

• Access and authentication logs
• Network and application logs
• Backup and recovery records
  
  

Retention considerations

• Proportionate retention periods
• Secure storage
• Easy retrieval
  
  

Evidence of good practice

• Logs linked to incident records