With a 20 million euro minimum fine on the table, I don't think I'll feel comfortable on this topic until either the law is clarified or someone sets precedent.
My lawyer's great, but he won't be paying the fine if he's wrong.
$20 million isn't the minimum fine. That's the maximum fine for companies with under $500 million in annual turnover.
You aren't going to get the maximum fine unless you are doing something egregious. Collecting the default Apache logs and not using them for anything malicious isn't going to get you the maximum fine or likely any fine at all.
My lawyer's great, but he won't be paying the fine if he's wrong.