Event-driven systems are famous for immutability, and #GDPR is famous for data removal. Does that mean that event-driven systems cannot be compliant with privacy rules? Can we remove data in Event Sourcing?
Yes, to both!
https://event-driven.io/en/gdpr_in_event_driven_architecture/
Data governance practices are, unfortunately, not discussed enough in event-driven systems. People treat events more like freehand drawing, sometimes as mesh, but ending too often with a mess instead.
1/
We should carefully draw boundaries between our events. And we should also care about data privacy.
In the, I explained techniques specific to event-driven systems and tools like #Kafka, #Marten, and #EventStoreDB. But I also put them into a wider context.
After this article, I hope you see that applying privacy regulations to event-driven systems differs mainly from the technical patterns in handling them.
2/
The general practices around data governance, like segregation, data recency, and privacy by default, remain the same.
I describe those general guidance in the initial guide to GDPR for busy developers: https://event-driven.io/en/gdpr_for_busy_developers/
Feedback is (as always) more than welcome!
3/3
Oskar Dudycz 🇺🇦✊
Khalid ⚡
Maarten Balliauw