The General Data Protection Regulation (GDPR) has posed some major challenges for many software developers as well as for whole corporations and companies. The following three provisions keep presenting difficult tasks for many:
Art. 17 – Right to erasure
Art. 12 – Transparent information, communication and modalities for the exercise of the rights of the data subject
Art. 20 – Right to data portability
Erasure – Data is often mixed: personal data and data needed to ensure operation (e.g., reports, processing) are interrelated. Consequently, erasure is far from easy.
Transparency – In order to ensure traceability of information (which data was collected when, and why), complete auditing is necessary.
Data portability – Our structure will never be compatible with that of other software. How are we supposed to import data into another application?
Compliance with the GDPR is no walk in the park!
Since 2005, there has been an architectural pattern which – through minimal adaptation – solves all of these problems and even offers added value to companies as well as customers. This pattern is widely known and is currently attracting more attention, due to a new hype. When it comes to compliance with the GDPR, however, it is often immediately rejected.
I will show you how every company and developer can rapidly switch to this pattern in order to establish a 100% GDPR-compliant architecture. We will see how legacy data can be easily migrated and made compliant with the GDPR.
Speaker: Sia Ghassemi
dev-security, we need more and easier dev-security!
Sia Ghassemi is not just a passionate software architect and Microsoft MVP in the Azure category; he is also the founder of sia-consulting limited, a company specializing in GDPR, dev-security and cloud-security. He is a frequent speaker and workshop lead at conferences throughout Germany and Canada.