Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ES-CQRS and GDPR: When Immutability Meets Reality

ES-CQRS and GDPR: When Immutability Meets Reality

The last couple of years has seen a surge of interest in Event Sourcing in the PHP community. This has coincided with the introduction of GDPR, the new data privacy regulations rolled out across all EU28 nations.

In this talk, Stuart will introduce you to the core principles of GDPR and the Data Protection Act 2018. He’ll look at what capabilities you need to add to your application/service to allow your business to comply with this landmark legislation. And then he’ll look at how these requirements do—or don’t—map into the Event Sourcing world.

Presented at PHP North East User Group on 19th March 2019.

Stuart Herbert

March 19, 2019
Tweet

More Decks by Stuart Herbert

Other Decks in Programming

Transcript

  1. Industry veteran: architect, engineer, leader, manager, mentor F/OSS contributor since

    1994 Talking and writing about PHP since 2004 Chief Software Archaeologist Building Quality @GanbaroDigital About Stuart
  2. @GanbaroDigital In This Talk 1. Event Sourcing 2. GDPR 3.

    How GDPR Impacts Event Sourcing 4. Summary
  3. @GanbaroDigital Some Example Events • User added item to basket

    • User completed basket checkout • User paid for order • Order shipped
  4. @GanbaroDigital Event Source systems store events in the database ...

    ... not the current state (and not the operations either).
  5. @GanbaroDigital An Event Store is, ultimately, a database. It may

    be a general purpose RDBMS, a NoSQL datastore, or a specialist ESDB.
  6. @GanbaroDigital If the Projection Cache is lost, it can be

    rebuilt by playing back the events from the Event Store.
  7. @GanbaroDigital To rebuild state for any moment in time, you

    need to know which version of the code was applied to each event.
  8. @GanbaroDigital For many developers, GDPR will be the first time

    they have worked in a regulated environment.
  9. @GanbaroDigital “ GDPR is the beginning of the end of

    the wild, wild west of unregulated software development.
  10. @GanbaroDigital GDPR applies to free / open-source software too. You

    can't get around that in your LICENSE.md file.
  11. @GanbaroDigital Here are just some* of the requirements that GDPR

    and DPA 2018 place on data processing. * IANAL etc etc
  12. @GanbaroDigital Inform all third-parties that you have deleted personal data

    that you have passed to them. And tell the individual about those third-parties.
  13. @GanbaroDigital • Right to be informed • Right of access

    • Right to rectification • Right to erasure • Right to restrict processing • Right to data portability • Right to object • Rights related to automated processing Individual Rights
  14. @GanbaroDigital If you obtain personal data from third-party sources, you

    must* provide individuals with your privacy information within 1 month.
  15. @GanbaroDigital Do not use personal data that is subject to

    a processing restriction request. But you can still store it.
  16. @GanbaroDigital *but only when lawful basis is consent or by

    contract, and only when personal data is processed by automated means.
  17. @GanbaroDigital Requirement: You must be able to trace all personal

    data back to a lawful purpose for each processing use.
  18. @GanbaroDigital Implies: You may need to track which items of

    personal data have been used for each piece of processing.
  19. @GanbaroDigital Requirement: You must be able to drop any piece

    of personal data. ... as if you never held it in the first place.
  20. @GanbaroDigital Requirement: You must be able to remove personal data

    from everywhere (inc backups and archives).
  21. @GanbaroDigital Implies: You may need to track which items of

    personal data have been used for each piece of processing.
  22. @GanbaroDigital Requirement: You must be able to drop any piece

    of personal data. ... as if you never held it in the first place.
  23. @GanbaroDigital ?? ?? Can you purge any piece of personal

    data from the Projection Cache and any snapshots?
  24. @GanbaroDigital ?? ?? If you do so by rebuilding the

    Projection Cache, are you sure you won't change anyone else's personal data?
  25. @GanbaroDigital ?? ?? If you still have the data, but

    cannot read it today, does that prevent it being read in the future?
  26. @GanbaroDigital Requirement: You must be able to remove personal data

    from everywhere (inc backups and archives).
  27. @GanbaroDigital ?? ?? If you rebuild state for an earlier

    time, how do you honour processing restrictions?
  28. @GanbaroDigital ?? ?? How do you ensure processing restrictions do

    not change anyone else's personal data after a projection rebuild?
  29. @GanbaroDigital Implies: You may need to track which items of

    personal data have been used for each piece of processing.
  30. @GanbaroDigital ?? ?? Can you reproduce the state used at

    any point in time? With 100% accuracy?
  31. @GanbaroDigital ?? ?? Can you have the benefits of Event

    Sourcing and be GDPR-compliant? And is it worth it?
  32. @GanbaroDigital We're in the early stage of GDPR enforcement. Enforcement

    actions (or inaction!) will shape future advice.
  33. @GanbaroDigital As a CTO, I would not adopt any framework

    / approach that relies on immutability if it will store personal data.
  34. @GanbaroDigital When evaluating an ES framework, ask the question: where

    are the docs on how to achieve GDPR compliance?
  35. @GanbaroDigital When evaluating an ES framework, ask the question: where

    is the legal advice that it is GDPR compliant?
  36. @GanbaroDigital In an ES workshop, ask the question: how do

    you achieve GDPR compliance using what is being taught?
  37. @GanbaroDigital In an ES workshop, ask the question: where is

    the legal advice that the approach being taught achieves GDPR compliance?
  38. Thank You How Can We Help You? A presentation by

    @stuherbert
 for @GanbaroDigital