
We have an event-sourced system that uses a forward-only immutable event store.

If we store personally identifiable information in this store, we'll be in trouble with regard to GDPR, as deletion of events is not an option.

We have assessed the data in these events and established that the only data that might associate back to a user are storage bucket names and keys.

As we are not yet in production, it would be good to tackle the issue of PII in immutable data stores up front, and if necessary, we'll probably opt for a per-user symmetric encryption key (stored in a mutable datastore) to encrypt this sensitive data that can be forgotten with the user, thereby rendering their events unreadable.

This is something that we'd prefer not to do. So, do storage bucket names and keys present a trail back to their owner?

spender

It would depend on the naming scheme, which you haven’t explained. Is the bucket/object name itself based on PII? If so, then it may be PII. If it’s some random ID, then it’s not likely PII. I’d have to look it up again, but GDPR should provide a definition of PII that should help you decide if the names you’re using would qualify. – nbering Jul 07 '18 at 17:27

0 Answers
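The per-user key approach the question describes (often called crypto-shredding), as an added example that is not part of the original post. It uses Ruby's bundled OpenSSL binding with AES-256-GCM; the `CryptoShredder` class, its method names, the in-memory key table and the sample event are assumptions made for illustration.

```ruby
require 'openssl'

# Hypothetical helper: the Hash stands in for the mutable per-user key table.
class CryptoShredder
  Forgotten = Class.new(StandardError)

  def initialize
    @keys = {} # user_id => 32-byte key, kept outside the immutable event store
  end

  # Encrypts one event field with the user's AES-256-GCM key, minting the key on
  # first use. The user ID is bound as associated data. Returns nonce + tag + ciphertext.
  def seal(user_id, field)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = (@keys[user_id] ||= OpenSSL::Random.random_bytes(32))
    nonce = c.random_iv # fresh 12-byte nonce for every field
    c.auth_data = user_id
    ct = c.update(field) + c.final
    nonce + c.auth_tag + ct
  end

  # Decrypts a stored field; raises Forgotten once the user's key has been erased.
  def unseal(user_id, blob)
    key = @keys.fetch(user_id) { raise Forgotten, "key for #{user_id} erased" }
    raise ArgumentError, 'ciphertext too short' if blob.bytesize <= 28
    d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    d.key = key
    d.iv = blob.byteslice(0, 12)
    d.auth_tag = blob.byteslice(12, 16)
    d.auth_data = user_id
    d.update(blob.byteslice(28..-1)) + d.final # CipherError on tamper or wrong user
  end

  # Erasure request: delete only the key; the stored events are never modified.
  def forget(user_id)
    @keys.delete(user_id)
  end
end

if __FILE__ == $PROGRAM_NAME
  vault = CryptoShredder.new
  event = { type: 'ObjectStored', owner: 'user-42', # constructed sample event
            location: vault.seal('user-42', 'bucket-7f3a/obj-1') }
  vault.forget('user-42')
  begin
    vault.unseal(event[:owner], event[:location])
  rescue CryptoShredder::Forgotten => e
    puts "event kept, field unreadable: #{e.message}"
  end
end
```

Only the sealed field becomes unreadable; any other attribute left in clear in the event still has to be assessed on its own.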