
Commanded recipes

[Recipe] GDPR compliance #4

Open slashdotdash opened 4 years ago

slashdotdash commented 4 years ago

How to comply with GDPR regulations which require personally identifiable information (PII) to be removed upon request. This is problematic with immutable, persistent event streams.

There are three possible solutions:

"Crypto-shredding"

PII data is stored encrypted in events and decrypted on read. The encryption key can later be "forgotten" to prevent decryption. Not being able to read the PII data is equivalent to having deleted the data.

External PII data store

Use a mutable data store, such as a SQL database, for all PII data and only store a reference to the external data store within your events. PII data must be read from the external store when events are read. PII data can be deleted from the external store. Attempting to read deleted PII data will return an appropriate error to indicate it has been removed.

Mutable events / streams

Allow events or streams containing PII to be updated or deleted.

Note: EventStore has support for hard deleting streams.
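The crypto-shredding option described above, as an added example that is not part of this issue or of the Commanded code base (it is written in Go with the standard library's AES-GCM rather than in Elixir, so the construction is easy to run and check). It assumes a hypothetical per-subject key store: every PII field is encrypted under the data subject's own key and the event's public identity (stream and event type) is bound as associated data; an erasure request deletes only the key, the events themselves are never modified.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrKeyShredded is returned on read once a subject's key has been forgotten:
// the ciphertext is still in the immutable log but is now unrecoverable.
var ErrKeyShredded = errors.New("pii: key shredded, data is unrecoverable")

// Event is one immutable record. PII is held only as AES-GCM ciphertext;
// the public fields are stored in the clear and used as associated data.
type Event struct {
	Stream    string
	Type      string
	Subject   string // data subject whose key protects CipherPII
	CipherPII []byte // nonce || ciphertext || GCM tag
}

// AAD binds the ciphertext to this stream and event type so a blob cannot be
// spliced into a different event and decrypted there.
func (e Event) AAD() []byte { return []byte(e.Stream + "|" + e.Type) }

// KeyStore is the hypothetical mutable store of one 256-bit key per subject.
type KeyStore struct{ keys map[string][]byte }

func NewKeyStore() *KeyStore { return &KeyStore{keys: map[string][]byte{}} }

// keyFor returns the subject's key, creating one on first use.
func (ks *KeyStore) keyFor(subject string) ([]byte, error) {
	if k, ok := ks.keys[subject]; ok {
		return k, nil
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	ks.keys[subject] = k
	return k, nil
}

// Shred forgets a subject's key. This is the whole erasure step.
func (ks *KeyStore) Shred(subject string) { delete(ks.keys, subject) }

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts pii under the subject's key with a fresh random nonce.
func (ks *KeyStore) Seal(subject string, pii, aad []byte) ([]byte, error) {
	key, err := ks.keyFor(subject)
	if err != nil {
		return nil, err
	}
	g, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pii, aad), nil // nonce prefixed to ciphertext
}

// Open decrypts a blob. It deliberately does not create a key for an unknown
// subject, so a shredded subject reads as ErrKeyShredded rather than garbage.
func (ks *KeyStore) Open(subject string, blob, aad []byte) ([]byte, error) {
	key, ok := ks.keys[subject]
	if !ok {
		return nil, ErrKeyShredded
	}
	g, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("pii: ciphertext too short")
	}
	return g.Open(nil, blob[:ns], blob[ns:], aad)
}

// ReadPII is what a read model or projection would call when hydrating an event.
func ReadPII(ks *KeyStore, ev Event) (string, error) {
	pt, err := ks.Open(ev.Subject, ev.CipherPII, ev.AAD())
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	ks := NewKeyStore()
	ev := Event{Stream: "user-42", Type: "UserRegistered", Subject: "user-42"}
	ev.CipherPII, _ = ks.Seal(ev.Subject, []byte("alice@example.com"), ev.AAD()) // constructed sample
	email, err := ReadPII(ks, ev)
	fmt.Println("before shred:", email, err)
	ks.Shred("user-42")
	email, err = ReadPII(ks, ev)
	fmt.Println("after shred:", email, err)
}
```

Two practical points follow from the code: projections that already copied the decrypted value into a read model are not covered by shredding the key, so they need their own cleanup, and a subject who reappears after erasure gets a fresh key, which keeps old events unrecoverable while new ones remain readable.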

xtagon commented 1 year ago

Are there any quirks/side effects/caveats with regards to event handlers and process managers after hard deleting a stream via https://github.com/commanded/eventstore/pull/203 ?

For example, if a process manager is holding state for a process that depends on events from a hard deleted stream, does it stop the process automatically? And how would you delete data that projections/handlers persisted? Is there a "HardDeletedEvent" they need to listen for to clean up?