search

johanhaleby / occurrent

Unintrusive Event Sourcing Library for the JVM
https://occurrent.org
120 stars 16 forks source link

Document GDPR strategies #93

Open johanhaleby opened 3 years ago

johanhaleby commented 3 years ago

E.g.

  1. Write PII to external DB
  2. Write PII events to a different stream (use tx), delete stream when user unregisters
  3. Crypto-shredding
  4. Write PII to the same stream but add metadata to cloudevent so that we can know which fields contain PII. When user unregisters do any of:
    1. Delete all events in stream whose event contains PII
    2. Update and "hash" all events in stream that contains PII
    3. Update and delete all fields marked as PII from all events in the stream