Event Sourcing and GDPR Compliance

Mateusz Joniak - June 29, 2018

Since its coming into force in May 2018, the European Union General Data Protection Regulation (GDPR) has revolutionised the way we think about personal data. No longer can companies process and store sensitive information in any way they like. Instead, they have to obtain user’s explicit consent. One may say, the regulation put control of the data back in the hands of its rightful owners: the people.

However, even if we all love the positive changes in data protection brought by the new law, the regulation comes with its own share of pitfalls and technical challenges. Especially the famous Article 17, which introduces a right to be forgotten, causes problems for systems based on permanent and tamper-proof data storage solutions, such as blockchain or immutable event stores.

GDPR in short

GDPR aims to unite all data protection-related laws in the European community. Some other states, such as Japan and New Zealand, that are not members of the EU, but wish to improve the way they handle personal information, are also working on compatible regulations.

Without delving too much into the nitty-gritty of legal details, if a company wants to store and process any data that can be linked to an individual user, it’s required to get consent for all uses of the data. However, now those permissions need to be explicit and the conditions must be presented in a plain and perspicuous language. This finally puts a stop to pre-ticked checkboxes and pages upon pages of legalese babble.

Another change is that now the data subject can ask you to provide a copy of all the data you have on them. This right of access also requires that the information in question should be exported in both machine- and human-friendly format (such as JSON).

If the user withdraws consent, they can invoke the right to erasure (also known as the right to be forgotten), which is a demand to delete all their personal data. As we will see, this can cause some trouble with techniques based on immutability, i.e., databases that don’t support deletes or updates.

There are of course some exceptions to those rules, for example, if under the law of its parent country, the company is obliged to preserve some data, such as invoices and contracts.

GDPR and Event Sourcing

In event-sourced systems, current state is calculated based on a log of previous actions. So for example, in banking, instead of changing both accounts’ balance after a money transfer, you would save a transaction to the DB, and then if needed, derive the current amount from all past operations.

Usually, those events are only persisted once and never modified afterward. Some storage mediums, like blockchain and WORM disks, don’t support any alteration of saved data at all.

Pseudonymous data

How to reconcile the erasure-related requirements of GDPR-compliant systems with technical constraints associated with immutable persistence? Solution to this conundrum might lay in pseudonymisation.

The technique is a simple one. What turns any set of facts into personal data, is the presence of attributes that can be linked to a particular person. Examples include names, addresses (both email and physical), identification numbers and biometrics. If we can extract such info from our immutable store, and put it in an external DB that supports updates, we can readily conform to the requirements.

Before pseudonymisation

Safe pseudonymised data

Data between our two stores could be linked with an identifier called a pseudonym. It should be impossible to single out the data subject based on the pseudonym and non-sensitive data fields alone. Randomised numbers, such as GUIDs, can work well in this scenario.

The obvious downside is that now you have to link data from two separate stores. Also, if you were using blockchain, you lose some of the benefits coming from cryptographic security and peer-to-peer architecture. Instead, there is now a single and universally trusted centralised DB that contains all the sensitive information.

However, storing sensitive info on a globally-accessible blockchain was always a bad idea, since it exposes those data to the public. Pseudonymisation should always be considered best practice in systems making use of distributed ledgers.

Mutable events

Of course, if the architecture in question isn’t based on an immutable store - for example, if you persist all your domain events in Mongo DB - you can simply alter past events, removing all the protected info.

However, if some business rules depend on personally-identifiable data, then you will lose replayability, a significant benefit usually associated with event sourcing. If you rebuild your current state from events after data removal, you will get different results than you had previously.

We advise this solution for systems that don’t usually handle big amounts of data, and where full replayability is not a crucial issue.

Conclusion

While some may consider this dilemma a pick your poison situation, we believe that it’s an excellent opportunity to think about how we handle personal data. After all, our customers put an enormous deal of trust in our company by handing over their sensitive data for safekeeping. We cannot let them down with rash decisions regarding security measures and storage techniques. It might be a tough challenge to overcome, but it’s definitely worth the effort.

More articles

Find us on

Need help with implementing AI in your business?

Let's talk blue circle

This site uses cookies for analytical purposes.

Accept Privacy Policy

In the interests of your safety and to implement the principle of lawful, reliable and transparent processing of your personal data when using our services, we developed this document called the Privacy Policy. This document regulates the processing and protection of Users’ personal data in connection with their use of the Website and has been prepared by Nexocode.

To ensure the protection of Users' personal data, Nexocode applies appropriate organizational and technical solutions to prevent privacy breaches. Nexocode implements measures to ensure security at the level which ensures compliance with applicable Polish and European laws such as:

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (published in the Official Journal of the European Union L 119, p 1); Act of 10 May 2018 on personal data protection (published in the Journal of Laws of 2018, item 1000);
  2. Act of 18 July 2002 on providing services by electronic means;
  3. Telecommunications Law of 16 July 2004.

The Website is secured by the SSL protocol, which provides secure data transmission on the Internet.

1. Definitions

  1. User – a person that uses the Website, i.e. a natural person with full legal capacity, a legal person, or an organizational unit which is not a legal person to which specific provisions grant legal capacity.
  2. Nexocode – NEXOCODE sp. z o.o. with its registered office in Kraków, ul. Generała Henryka Kamieńskiego 51, 30-644 Kraków, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Department of the National Court Register, under the KRS number: 0000686992, NIP: 6762533324.
  3. Website – website run by Nexocode, at the URL: nexocode.com whose content is available to authorized persons.
  4. Cookies – small files saved by the server on the User's computer, which the server can read when when the website is accessed from the computer.
  5. SSL protocol – a special standard for transmitting data on the Internet which unlike ordinary methods of data transmission encrypts data transmission.
  6. System log – the information that the User's computer transmits to the server which may contain various data (e.g. the user’s IP number), allowing to determine the approximate location where the connection came from.
  7. IP address – individual number which is usually assigned to every computer connected to the Internet. The IP number can be permanently associated with the computer (static) or assigned to a given connection (dynamic).
  8. GDPR – Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and onthe free transmission of such data, repealing Directive 95/46 / EC (General Data Protection Regulation).
  9. Personal data – information about an identified or identifiable natural person ("data subject"). An identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of identifiers such as name, identification number, location data, online identifiers or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
  10. Processing – any operations performed on personal data, such as collecting, recording, storing, developing, modifying, sharing, and deleting, especially when performed in IT systems.

2. Cookies

The Website is secured by the SSL protocol, which provides secure data transmission on the Internet. The Website, in accordance with art. 173 of the Telecommunications Act of 16 July 2004 of the Republic of Poland, uses Cookies, i.e. data, in particular text files, stored on the User's end device.
Cookies are used to:

  1. improve user experience and facilitate navigation on the site;
  2. help to identify returning Users who access the website using the device on which Cookies were saved;
  3. creating statistics which help to understand how the Users use websites, which allows to improve their structure and content;
  4. adjusting the content of the Website pages to specific User’s preferences and optimizing the websites website experience to the each User's individual needs.

Cookies usually contain the name of the website from which they originate, their storage time on the end device and a unique number. On our Website, we use the following types of Cookies:

  • "Session" – cookie files stored on the User's end device until the Uses logs out, leaves the website or turns off the web browser;
  • "Persistent" – cookie files stored on the User's end device for the time specified in the Cookie file parameters or until they are deleted by the User;
  • "Performance" – cookies used specifically for gathering data on how visitors use a website to measure the performance of a website;
  • "Strictly necessary" – essential for browsing the website and using its features, such as accessing secure areas of the site;
  • "Functional" – cookies enabling remembering the settings selected by the User and personalizing the User interface;
  • "First-party" – cookies stored by the Website;
  • "Third-party" – cookies derived from a website other than the Website;
  • "Facebook cookies" – You should read Facebook cookies policy: https://www.facebook.com/policy/cookies
  • "Other Google cookies" – Refer to Google cookie policy: www.google.com/policies/technologies/types/

3. How System Logs work on the Website

User's activity on the Website, including the User’s Personal Data, is recorded in System Logs. The information collected in the Logs is processed primarily for purposes related to the provision of services, i.e. for the purposes of:

  • analytics – to improve the quality of services provided by us as part of the Website and adapt its functionalities to the needs of the Users. The legal basis for processing in this case is the legitimate interest of Nexocode consisting in analyzing Users' activities and their preferences;
  • fraud detection, identification and countering threats to stability and correct operation of the Website.

4. Cookie mechanism on the Website

Our site uses basic cookies that facilitate the use of its resources. Cookies contain useful information and are stored on the User's computer – our server can read them when connecting to this computer again. Most web browsers allow cookies to be stored on the User's end device by default. Each User can change their Cookie settings in the web browser settings menu: Google ChromeOpen the menu (click the three-dot icon in the upper right corner), Settings > Advanced. In the "Privacy and security" section, click the Content Settings button. In the "Cookies and site date" section you can change the following Cookie settings:

  • Deleting cookies,
  • Blocking cookies by default,
  • Default permission for cookies,
  • Saving Cookies and website data by default and clearing them when the browser is closed,
  • Specifying exceptions for Cookies for specific websites or domains

Internet Explorer 6.0 and 7.0
From the browser menu (upper right corner): Tools > Internet Options > Privacy, click the Sites button. Use the slider to set the desired level, confirm the change with the OK button.

Mozilla Firefox
browser menu: Tools > Options > Privacy and security. Activate the “Custom” field. From there, you can check a relevant field to decide whether or not to accept cookies.

Opera
Open the browser’s settings menu: Go to the Advanced section > Site Settings > Cookies and site data. From there, adjust the setting: Allow sites to save and read cookie data

Safari
In the Safari drop-down menu, select Preferences and click the Security icon.From there, select the desired security level in the "Accept cookies" area.

Disabling Cookies in your browser does not deprive you of access to the resources of the Website. Web browsers, by default, allow storing Cookies on the User's end device. Website Users can freely adjust cookie settings. The web browser allows you to delete cookies. It is also possible to automatically block cookies. Detailed information on this subject is provided in the help or documentation of the specific web browser used by the User. The User can decide not to receive Cookies by changing browser settings. However, disabling Cookies necessary for authentication, security or remembering User preferences may impact user experience, or even make the Website unusable.

5. Additional information

External links may be placed on the Website enabling Users to directly reach other website. Also, while using the Website, cookies may also be placed on the User’s device from other entities, in particular from third parties such as Google, in order to enable the use the functionalities of the Website integrated with these third parties. Each of such providers sets out the rules for the use of cookies in their privacy policy, so for security reasons we recommend that you read the privacy policy document before using these pages. We reserve the right to change this privacy policy at any time by publishing an updated version on our Website. After making the change, the privacy policy will be published on the page with a new date. For more information on the conditions of providing services, in particular the rules of using the Website, contracting, as well as the conditions of accessing content and using the Website, please refer to the the Website’s Terms and Conditions.

Nexocode Team