With the new GDPR regulations, does that mean I have to destroy or encrypt logs? If so when?
If the logs contain personal data, e.g. not just an email address, but also either the subject or body content, then yes, and this needs to be destroyed after the shortest time possible for business or legal reasons. We would also recommend encrypting the logs in this case. If they do not contain personal data you can keep them as long as you like under GDPR.
To minimize your risk and ensure your compliance click here