In 2018, when the GDPR first came into force, there was a lot of noise around it's interaction with event sourcing, with the main issue being found with the right to be forgotten. Traditional thinking on event sourcing is that you should never delete an event which puts it at odds with a requirement to delete personal data you no longer have a legal right to keep.

In this talk we will explore the ways you can legally process personal information and the technological solutions you can use in an event sourced system to implement them.


Comments are closed.

An interesting insight in how event sourcing can work with the GDPR.
Provides a clear picture of the issues, and possible solutions. I like that the speaker speaks slowly and clearly, which makes it easy to follow.

The first 35 mins. could have been omitted from the talk. No need for 30 min GDPR recap. Last 10 min was interesting and relevant to the subject.

very interesting and a lot was covered!

Very clean and comprehensive talk.
The switching between presentation full screen and combination of speaker and presentation was not needed must of the time.
Less switching would have my preference.
The use of hand movement was good and added some extra visual information, but you could not see enough of the speaker to see it all.
Add more smiling to you presentation always helps even if it is on a serious subject. ;-)
Looking more in the camera connects you more to the audience.

Interesting talk :) I would shorten the gdpr intro the next time.

Very comprehensive, lots of details were covered, I liked the detailed explanation of the drawbacks associated with each possible solution. Great, thank you!

Geert Eltink at 16:10 on 26 Jun 2020

We have been discussing something similar in our company recently. I'll definitely suggest your solution next week.
The first part about GDPR was a bit confusing as I thought this was about events. Later I understood the link. Although others are saying the first part could have been ommitted, I think it was a nice recap and a good refresher about the GDPR rules. Very well explained.

Always a pleasure to listen to your talks. When reading about event sourcing, it came to mind how to deal with GPDR. Using the tombstone event is indeed the best thing so far.

Roald at 16:28 on 26 Jun 2020

I think most of us Europeans have been affected by GDPR, but as this turned out to be an online (and therefore global) conference a GDPR introduction and re-cap was actually a good idea for those less familiar. I must admit I personally didn't know all the specifics at the top of my head anymore either.

Needless to say GDPR is a challenge and the talk was a very interesting look into some of the possibilities and caveats of GDPR compliance in event sourcing.

Bas at 16:46 on 26 Jun 2020

Nice talk. Maybe you can shorten the GDPR a bit and start with the technical stuff earlier.

Even though I don't use event sourcing, I guessed the "tombstone" solution before you mentioned it.
But you surpriced me when you showed us to keep the tombstone event in place.
I'm very curious what extra data you can put in the tombstone event's payload, without breaking the regulations.

Mike Lehan at 17:20 on 26 Jun 2020

Very detailed talk by someone who really knows what they're talking about. Whilst the intro to GDPR was helpful I think there was possibly a bit too much of that - it was partially necessary to cover the various criteria that a solution has to meet, but could have been more succinct. There were a few points where it seemed like "oh this is how to do it" when there was a u-turn to say "oh but this actually won't work in practice" which was possibly true but felt like we were trying to understand something before knowing we couldn't do that.

I'd have loved extra time spent on the way to build it into a domain model because the best point of the talk was pointing out that GDPR should be as much a part of your domain as other business requirements, and not this tacked on aspect we consider after building a solution.

Timo Schinkel at 13:51 on 29 Jun 2020

Very extended and thorough look into how to comply with GDPR. I would have preferred this talk to be scheduled earlier in the schedule as a full day conference talks was taking it's toll on my concentration. I'll have to rewatch the video later.

Only point of criticism was the video quality; sound and video were not in sync for me where all other talks were.