Last week, at this year’s JAX London conference, I gave a talk about the General Data Protection Regulation (GDPR), and the very interesting and specific implications for applications that use event sourcing. The talk was inspired and partly based on two earlier articles that I wrote: Forget me please? Event sourcing and the GDPR and Event sourcing and the GDPR: a follow-up.
We discussed the history and raison d’être of the GDPR, a short primer/recap on CQRS & Event Sourcing theory, how to record and demonstrate consent and other interesting parts of the GDPR. Last but not least, I talked about GDPR Article 17, the “right to erasure”, one of the most challenging articles of the entire regulation. I shared a number of strategies to ensure, when confronted with an Article 17 request, customer data actually is removed from the event store.
Unfortunately the session wasn’t recorded, but I’ve published the slide deck on Speaker Deck.
Let me know what you think!