
# GDPR

> **Note**: This page maps LinuxGuard against the EU **General Data Protection Regulation (Regulation (EU) 2016/679)** (effective 2018-05-25). Last verified against the framework on 2026-05-31. Canonical framework document: [EUR-Lex — Regulation (EU) 2016/679](https://eur-lex.europa.eu/eli/reg/2016/679/oj). For the vocabulary contract used here, see [Audit & Comply](/audit-and-comply/audit-comply.md).

> **Important**: Under GDPR (Recital 30 + CJEU Breyer C-582/14), IP addresses are personal data when they can be linked to an identifiable individual. The LinuxGuard agent log captures hostnames, source IPs, and command-line arguments verbatim per the [log redaction policy](/operate/operate/log-management.md). Customers processing data subject to GDPR must implement additional log access controls, retention limits, and erasure-on-request capability beyond what LinuxGuard provides. Support bundles also ship logs verbatim — review the pre-share PII warning at [operate/support-bundles.md](/operate/operate/support-bundles.md).

## Scope

This page maps LinuxGuard's agent and console capabilities against the General Data Protection Regulation (Regulation (EU) 2016/679). The mapping is scoped to Article 32 (security of processing) — technical and organizational measures to ensure a level of security appropriate to the risk — and supporting articles for breach notification (Articles 33-34) and data protection by design (Article 25). Controls covering lawful basis (Article 6), data subject rights (Articles 12-22), Data Protection Impact Assessment (Article 35), records of processing activities (Article 30), and the appointment and role of the Data Protection Officer (Articles 37-39) are out of scope for this product and are listed in the mapping table as `Out of scope` rather than omitted. This mapping is informational and not a substitute for an independent legal review by a qualified data protection professional.

Customers remain controllers (or processors, depending on context) of personal data and remain responsible for lawful basis determination under Article 6, transparency notices under Articles 13-14, data subject request handling under Articles 12-22, Data Protection Impact Assessments under Article 35, breach notification to the supervisory authority within 72 hours under Article 33, breach notification to data subjects under Article 34, records of processing activities under Article 30, and (where applicable) appointment of a Data Protection Officer under Article 37.

## Shared responsibility

> LinuxGuard is a security monitoring agent and console. Compliance with any framework requires customer-side controls in addition to LinuxGuard's capabilities. This mapping is informational and not a substitute for an independent audit by a qualified assessor.

The shared-responsibility framing for GDPR Regulation (EU) 2016/679:

* **LinuxGuard responsibility.** Produce technical security measures consistent with Article 32(1)(b) (confidentiality, integrity, availability) and Article 32(1)(d) (testing and evaluation) on Linux systems in the customer's processing environment. Maintain the framework version pin and per-control evidence pointers. Capture authentication events, file integrity events, and configuration drift events that may inform breach detection under Articles 33-34.
* **Customer responsibility.** Determine the role (controller vs processor) and lawful basis under Article 6, draft and publish transparency notices under Articles 13-14, handle data subject requests (access, rectification, erasure, restriction, portability, objection) under Articles 12-22, conduct Data Protection Impact Assessments under Article 35, maintain records of processing activities under Article 30, notify the supervisory authority of personal data breaches within 72 hours under Article 33, notify affected data subjects under Article 34, appoint a Data Protection Officer where required by Article 37, and implement log access controls, retention limits, and erasure-on-request capability appropriate to the personal data captured in agent logs.
* **Out-of-scope domains for this framework.** Lawful basis determination, transparency notices, data subject rights handling, Data Protection Impact Assessments, records of processing activities, Data Protection Officer responsibilities, cross-border transfer controls (Chapter V), and the customer-side governance program.

## Control mapping

The Tier column uses one of three labels and only those three: `Satisfies`, `Supports`, `Out of scope`. The Evidence column points to a row of the canonical [Evidence Location](/concepts/concepts/console/compliance-expansion.md#evidence-location) table or to a specific console page. See [Audit & Comply](/audit-and-comply/audit-comply.md) for the three-tier vocabulary contract.

| Control ID               | Description                                                                                                                                                                          | Tier           | Evidence                                                                                         | Notes                                                                                                                                                                                                                                                                             |
| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | ------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `Art 5(1)(f)`            | Integrity and confidentiality — processed in a manner that ensures appropriate security                                                                                              | `Supports`     | Agent log (raw events); Console Zero Trust Enforcement → Config Drift                            | LinuxGuard provides one technical input (authentication, file integrity, drift) to the integrity-and-confidentiality program. Customer responsible for the overall security program and for access controls beyond the OS layer.                                                  |
| `Art 24`                 | Responsibility of the controller — implement appropriate technical and organisational measures                                                                                       | `Supports`     | Console Compliance Expansion → Reports                                                           | LinuxGuard provides telemetry-driven evidence supporting the technical measures component. Customer responsible for the organisational measures, governance, and the controller's accountability framework.                                                                       |
| `Art 25(1)`              | Data protection by design — implement appropriate technical and organisational measures at the time of determining the means of processing                                           | `Supports`     | Console Compliance Expansion → control detail; Config Drift events on baselines                  | LinuxGuard surfaces configuration baselines and drift, contributing to the technical-measures component of data protection by design. Customer responsible for incorporating data protection by design into the broader system development lifecycle.                             |
| `Art 25(2)`              | Data protection by default — only personal data necessary for each specific purpose is processed                                                                                     | `Out of scope` | n/a                                                                                              | Data minimisation decisions are a controller responsibility not addressed by LinuxGuard. The agent itself collects only operational metadata for security monitoring purposes.                                                                                                    |
| `Art 32(1)(a)`           | Pseudonymisation and encryption of personal data                                                                                                                                     | `Out of scope` | n/a                                                                                              | Pseudonymisation and encryption of customer's processed personal data are not addressed by LinuxGuard.                                                                                                                                                                            |
| `Art 32(1)(b)`           | Ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services                                                             | `Supports`     | Agent log (raw events); Console Zero Trust Enforcement; Console Infrastructure                   | LinuxGuard provides continuous monitoring of system integrity (file monitor), confidentiality (authentication events), and availability (agent health) at the OS layer. Customer responsible for resilience design at the architecture layer and for application-layer integrity. |
| `Art 32(1)(c)`           | Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident                                                  | `Out of scope` | n/a                                                                                              | Backup, recovery, and restoration are not addressed by LinuxGuard. LinuxGuard is a security monitoring agent, not a backup product.                                                                                                                                               |
| `Art 32(1)(d)`           | Process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures                                                                   | `Supports`     | `linuxguard-agent probe` command; Console Compliance Expansion → History                         | The probe command tests kernel, BPF, fanotify, netlink, audit, and capability prerequisites on demand. Compliance history surfaces ongoing posture evaluation. Customer responsible for the broader testing program and management evaluation.                                    |
| `Art 32(2)`              | Risk assessment — take into account the risks presented by processing (accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data) | `Supports`     | Console Zero Trust Enforcement → Signals; Agent log (raw events)                                 | Behavioral telemetry and authentication event capture provide visibility into unauthorised access attempts. Customer responsible for the risk assessment itself and the documentation of risk treatment decisions.                                                                |
| `Art 32(4)`              | Steps to ensure that any natural person acting under the authority of the controller or processor with access to personal data does not process them except on instructions          | `Supports`     | Console Audit pillar → SUDO execution audit; Agent log (raw events) with `loginUID` attribute    | SUDO execution audit and `loginUID` capture surviving privilege escalation provide evidence of administrator actions. Customer responsible for the authorisation policy and personnel instructions.                                                                               |
| `Art 33(1)`              | Notification of a personal data breach to the supervisory authority within 72 hours                                                                                                  | `Supports`     | Agent log (raw events) with timestamps; Console Zero Trust Enforcement → Signals; Support bundle | Agent log timestamps and signal records provide the technical timeline evidence supporting breach notification. Customer responsible for the breach assessment, supervisory authority notification workflow, and the 72-hour timeline operationally.                              |
| `Art 33(3)`              | Content of the breach notification — nature of breach, categories and approximate number of data subjects and records, contact point, consequences, measures taken                   | `Supports`     | Console Zero Trust Enforcement → Signals; Support bundle; Agent log (raw events)                 | Signal records, agent logs, and support bundles provide source evidence for the notification content. Customer responsible for synthesising the notification and identifying affected data subjects.                                                                              |
| `Art 33(5)`              | Documentation of personal data breaches — facts, effects, remedial action                                                                                                            | `Supports`     | Console Compliance Expansion → History; Agent log (raw events); Support bundle                   | Console history and bundle evidence provide the technical documentation surface. Customer responsible for the documentation workflow, remedial action tracking, and the broader incident management program.                                                                      |
| `Art 34`                 | Communication of a personal data breach to the data subject                                                                                                                          | `Out of scope` | n/a                                                                                              | Data subject notification workflow and content are controller responsibilities not addressed by LinuxGuard.                                                                                                                                                                       |
| `Art 35`                 | Data Protection Impact Assessment                                                                                                                                                    | `Out of scope` | n/a                                                                                              | DPIA conduct, documentation, and supervisory authority consultation under Article 36 are controller responsibilities not addressed by LinuxGuard.                                                                                                                                 |
| `Art 6`                  | Lawfulness of processing — lawful basis (consent, contract, legal obligation, vital interests, public task, legitimate interests)                                                    | `Out of scope` | n/a                                                                                              | Lawful basis determination is a controller responsibility not addressed by LinuxGuard.                                                                                                                                                                                            |
| `Arts 12-22`             | Data subject rights — transparency, information, access, rectification, erasure, restriction, portability, objection, automated decision-making                                      | `Out of scope` | n/a                                                                                              | Data subject rights handling is a controller responsibility not addressed by LinuxGuard. Customer must implement an erasure-on-request workflow for personal data captured in agent logs (hostnames, IPs, usernames) if their data subjects are within scope.                     |
| `Art 30`                 | Records of processing activities                                                                                                                                                     | `Out of scope` | n/a                                                                                              | Records of processing activities are a controller and processor responsibility not addressed by LinuxGuard.                                                                                                                                                                       |
| `Arts 37-39`             | Data Protection Officer — designation, position, tasks                                                                                                                               | `Out of scope` | n/a                                                                                              | DPO appointment and responsibilities are controller and processor responsibilities not addressed by LinuxGuard.                                                                                                                                                                   |
| `Chapter V (Arts 44-50)` | Transfers of personal data to third countries or international organisations                                                                                                         | `Out of scope` | n/a                                                                                              | Cross-border transfer mechanisms (adequacy decisions, Standard Contractual Clauses, Binding Corporate Rules) are not addressed by LinuxGuard.                                                                                                                                     |

> **Important**: Every Satisfies claim cites a specific agent feature and a specific evidence pointer. Every Supports claim states what the customer must implement to achieve full satisfaction. Every Out-of-scope row carries a one-line note explaining why — silence is interpreted as an implicit Satisfies claim.

## Agent log content and GDPR considerations

Because GDPR treats IP addresses as personal data when linkable to an identifiable individual (Recital 30; CJEU C-582/14 Breyer v Bundesrepublik Deutschland), customers operating under GDPR must consider the following when deploying LinuxGuard:

* **Agent log content.** The agent log at `/var/log/linuxguard/agent.log` captures hostnames, source IPs (IPv4 and IPv6), usernames, file paths, and process command-line arguments verbatim. Attribute-key redaction (`api_key`, `*_token`, `*_secret`) is applied at the slog handler; **PII is NOT additionally redacted**. See [Log Management § Redaction Scope](/operate/operate/log-management.md#redaction-scope) for the precise statement.
* **Support bundles.** The `support-bundle collect` workflow ships `agent.log` and rotated segments verbatim up to 180 MB. Review the pre-share PII warning at [Support Bundles](/operate/operate/support-bundles.md) before sharing externally.
* **Customer controls required.** Implement access controls on the host-level agent log (UNIX permissions, central log management with role-based access), set retention limits consistent with the controller's records-of-processing-activities and storage-limitation principles (Article 5(1)(e)), and operate an erasure-on-request workflow that covers central log archives — see [Log Management § Central Log Collection Patterns](/operate/operate/log-management.md#central-log-collection-patterns) for log-shipping guidance.

The IP-as-PII consideration is the load-bearing reason GDPR is a frequent cross-reference from the [Log Management](/operate/operate/log-management.md) and [Support Bundles](/operate/operate/support-bundles.md) pages — those pages name LinuxGuard's redaction scope precisely so GDPR customers can plan accordingly.
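The access-control, retention and erasure-on-request controls above are customer-side work that LinuxGuard leaves to the controller. As an added illustration (not LinuxGuard code, and not the agent's real log format), the Go program below pseudonymises hostnames, usernames and IP literals in constructed slog-style agent log lines with a keyed HMAC before they are shipped off the host, then answers an erasure request against the resulting archive; the attribute names `host`, `src_ip` and `user`, the line layout and the demo key are all assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/netip"
	"regexp"
	"strings"
)

// Constructed sample in slog TextHandler key=value style. The real agent.log
// layout is an assumption here; adapt kvRe and piiKeys to the actual format.
const sampleAgentLog = `time=2026-05-31T10:00:00Z level=INFO msg="auth event" host=web01.example.internal src_ip=203.0.113.7 user=alice loginUID=1000
time=2026-05-31T10:00:01Z level=WARN msg="auth failure" host=web01.example.internal src_ip=2001:db8::1 user=bob loginUID=1001
time=2026-05-31T10:00:02Z level=INFO msg="config drift" host=web01.example.internal path=/etc/ssh/sshd_config`

// Attribute keys treated as directly identifying (hypothetical key names).
var piiKeys = map[string]bool{"host": true, "src_ip": true, "user": true}

// One key=value token; values may be double-quoted with backslash escapes.
var kvRe = regexp.MustCompile(`(\w+)=("(?:[^"\\]|\\.)*"|\S+)`)

// pseudonym derives a keyed, deterministic token. The key holder can re-derive
// it from a clear value, so this is pseudonymisation (Art 4(5)), not anonymisation.
func pseudonym(key []byte, clear string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(clear))
	return "pseu:" + hex.EncodeToString(mac.Sum(nil))[:16]
}

// PseudonymiseLog rewrites identifying fields on every line: values under a
// piiKeys key, plus any value that parses as an IPv4/IPv6 literal under any key.
func PseudonymiseLog(log string, key []byte) []string {
	var out []string
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		out = append(out, kvRe.ReplaceAllStringFunc(line, func(tok string) string {
			k, v, _ := strings.Cut(tok, "=")
			if _, err := netip.ParseAddr(v); piiKeys[k] || err == nil {
				return k + "=" + pseudonym(key, v)
			}
			return tok
		}))
	}
	return out
}

// EraseSubject serves an erasure request against the pseudonymised archive: lines
// carrying the pseudonym of any of the subject's clear identifiers are dropped.
func EraseSubject(lines []string, key []byte, identifiers ...string) (kept []string, removed int) {
	var targets []string
	for _, id := range identifiers {
		targets = append(targets, "="+pseudonym(key, id))
	}
	for _, l := range lines {
		hit := false
		for _, t := range targets {
			hit = hit || strings.Contains(l, t)
		}
		if hit {
			removed++
			continue
		}
		kept = append(kept, l)
	}
	return kept, removed
}

func main() {
	key := []byte("constructed-demo-key") // production: controller-managed secret
	lines := PseudonymiseLog(sampleAgentLog, key)
	rest, n := EraseSubject(lines, key, "alice")
	fmt.Println(strings.Join(lines, "\n"), "\nerased:", n, "remaining:", len(rest))
}
```

Keyed pseudonymisation only limits what a recipient without the key can learn; the controller still holds personal data and still needs the access controls and retention limits listed above. It is one way to implement the Article 32(1)(a) measure that the mapping table marks as out of scope for LinuxGuard itself.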

## How to share with an auditor

Three export paths are available, depending on the supervisory authority's or auditor's evidence preference:

* **Console Compliance Expansion reports.** Console pillar → Compliance Expansion → Reports produces dated, signed, auditor-shareable evidence packages (PDF / CSV / JSON) per [Compliance Expansion](/concepts/concepts/console/compliance-expansion.md#reports). Each report includes the framework version (GDPR Regulation (EU) 2016/679), last-verified date, per-control coverage, per-server pass / fail breakdown, suppressions in effect, and a manifest with SHA-256 verification.
* **Support bundles for host-level evidence.** `support-bundle collect` on each host produces a tar.zst archive with agent logs, redacted configuration, and a bundle manifest — see [Support Bundles](/operate/operate/support-bundles.md). Bundles are useful when the supervisory authority wants raw host-level telemetry rather than a console-rendered report.
* **Console CSV / JSON export per control.** Compliance Expansion → GDPR → control detail → Evidence tab exports per-control evidence in machine-readable form for auditors who want to ingest evidence into their own GRC tooling.

> **Security Note**: Support bundles include the raw `agent.log` and rotated segments. Attribute-key redaction (`api_key` / `*_token` / `*_secret`) is applied; PII (hostnames, IPs, usernames, paths, command args) is NOT additionally redacted. **This is the GDPR-relevant gotcha** — IP addresses in agent logs are personal data under GDPR. Review every evidence package before sharing externally; consider whether the recipient (supervisory authority, auditor, third party) is a controller-side recipient or an external transfer requiring Chapter V safeguards. See [Support Bundles](/operate/operate/support-bundles.md) for the per-file redaction status table.

## Cross-references

* [**Audit & Comply**](/audit-and-comply/audit-comply.md) — vocabulary contract, framework version pin reference, forbidden-words list, scope statement template.
* [**Compliance Expansion**](/concepts/concepts/console/compliance-expansion.md) — console pillar; canonical Evidence Location pointer set.
* [**Audit**](/concepts/concepts/console/audit.md) — authorizations and SUDO execution audit feeding compliance evidence.
* [**Support Bundles**](/operate/operate/support-bundles.md) — per-file redaction status table; pre-share PII warning.
* [**Log Management**](/operate/operate/log-management.md) — log retention, rotation, and the precise PII-NOT-redacted statement that is load-bearing for GDPR customers.
* [**Glossary**](/reference/reference/glossary.md) — framework acronyms and compliance vocabulary definitions.

***

*Last reviewed: 2026-05-31 against GDPR Regulation (EU) 2016/679 published 2018-05-25.*

