
Assuming that a SaaS provider is the `processor` in the GDPR, could it comply with the GDPR by providing the following features through either an API or an admin panel?

* Trigger json/zip export of all data for $user_id

* Delete all data for $user_id

* List all events where data for $user_id has been sent to $third_party

When building a new SaaS service in 2018, this does not seem to be that much work if you design your system with these requirements in mind. A simple way to tag every resource in the database with $user_id, and an event log for third-party interactions, should be enough.

Am I missing something?




How do you delete data from backups written to persistent media?

With a CQRS/ES architecture (immutable events), how do you delete that data, when by definition events can't be modified or deleted?

Just two examples, but there is much more.


> How do you delete data from backups written to persistent media?

You encrypt each user's data with a unique symmetric key and store the key in an HSM or other external, rewritable media. When requested, you delete the key for a given user, rendering the user's data in backups unusable.


I don't think that is feasible, because you don't know if this data could be easily decrypted in the future. What do you do with existing data written to persistent media?


What do you do with the futuristic tech that allows one to read all of the possible data written to a given hard drive?

Your point is highly hypothetical.


What do you think is reasonable if you say encryption and deletion of said key is not reasonable effort enough?


You are not expected to delete data from backups, but you will probably want to put something in place where you ask for consent to store their name or something so that you can remove them again if you ever restore from a backup.


> You are not expected to delete data from backups

Why not? Wouldn't it be a very convenient loophole to keep user data? Yes, it sounds very complicated, but not like it was introduced overnight.


Basically GDPR says that you can keep backed-up data but you must have your backup retention age and processes defined. That is, it's ok to say "we retain backups and logs which may contain your data for 30 days".


Interesting. Is it required to delete data from persistent media immediately, or is it sufficient to retain the $to_be_deleted_user_id for preprocessing when restoring a backup?

Same for event processing: can we get by with a preprocessing step that filters out data when reprocessing the event list?
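The two threads above (delete the per-user key to render backups unusable, and filter a user's events out when replaying an immutable log) are really one mechanism, often called crypto-shredding. The following is an added example, not code from any commenter: every event payload is sealed with a per-user key held in a `KeyStore` that stands in for the HSM, the event log itself is append-only and is the thing that gets "backed up", and erasure is done by destroying the key. Replay then skips events whose key no longer exists, which is exactly the preprocessing step the last question asks about, and the same skip applies to a restored backup. The cipher is an assumption for the sake of a stdlib-only example: HMAC-SHA256 in counter mode with an encrypt-then-MAC tag; a production system would use AES-GCM (or another AEAD) from a real crypto library and a real key management service.

```python
"""Crypto-shredding over an append-only event log (constructed example)."""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    """Immutable log entry. user_id stays in clear so replay can route it; the payload is sealed."""
    user_id: str
    nonce: bytes
    ciphertext: bytes
    tag: bytes


class KeyStore:
    """Stand-in for the HSM / rewritable key store: one random 256-bit key per user (assumption)."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def key_for(self, user_id: str) -> bytes:
        return self._keys.setdefault(user_id, os.urandom(32))

    def get(self, user_id: str) -> Optional[bytes]:
        return self._keys.get(user_id)

    def shred(self, user_id: str) -> None:
        """The only mutable step of erasure: destroy the key, never touch the log or its backups."""
        self._keys.pop(user_id, None)


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from the per-user key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 used as a PRF in counter mode (toy stand-in for AES-CTR).
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> Tuple[bytes, bytes, bytes]:
    """Encrypt-then-MAC: returns (nonce, ciphertext, tag)."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def open_(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject tampered events."""
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class EventLog:
    """Append-only event store; events are never modified or deleted."""

    def __init__(self, keys: KeyStore) -> None:
        self.keys = keys
        self.events: List[Event] = []

    def append(self, user_id: str, payload: dict) -> None:
        nonce, ct, tag = seal(self.keys.key_for(user_id), json.dumps(payload).encode())
        self.events.append(Event(user_id, nonce, ct, tag))

    def snapshot(self) -> List[Event]:
        """A 'backup': a frozen copy of the immutable events (keys are deliberately not included)."""
        return list(self.events)


def replay(events: List[Event], keys: KeyStore) -> Tuple[List[dict], List[str]]:
    """Reprocess the log. Events whose user key was shredded are skipped, not decrypted."""
    readable, shredded = [], []
    for ev in events:
        key = keys.get(ev.user_id)
        if key is None:
            shredded.append(ev.user_id)
            continue
        payload = json.loads(open_(key, ev.nonce, ev.ciphertext, ev.tag))
        readable.append({"user_id": ev.user_id, **payload})
    return readable, shredded


def demo() -> dict:
    # Constructed sample data: two users, a backup taken, then one user erased.
    keys = KeyStore()
    log = EventLog(keys)
    log.append("alice", {"action": "signup", "email": "alice@example.test"})
    log.append("bob", {"action": "signup", "email": "bob@example.test"})
    log.append("alice", {"action": "sent_to_third_party", "to": "mailer"})
    backup = log.snapshot()
    keys.shred("alice")  # the erasure request
    live, live_skipped = replay(log.events, keys)
    restored, backup_skipped = replay(backup, keys)  # restoring the old backup later
    return {
        "live_users": [e["user_id"] for e in live],
        "live_skipped": live_skipped,
        "backup_users": [e["user_id"] for e in restored],
        "backup_skipped": backup_skipped,
        "backup_event_count": len(backup),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The backup still holds all three events after erasure, and a restore still replays them, but Alice's two events cannot be opened because their key is gone, so `replay` drops them before any downstream projection sees them. This only works if the key store is outside the backup set and its deletion is real (an HSM or KMS that does not itself snapshot keys), and the clear-text `user_id` is kept only because the log needs it to decide which key to look up.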



