Re: GDPR compliance

2020-08-19 Thread Nemeth Sandor
Hey Christian, my understanding is that you have an upstream system publishing data via Kafka topic to a downstream system, and your goal is to delete the PII data both from Kafka and the downstream system via a message published through the same topic. Is my understanding correct? Does the coord

Re: GDPR compliance

2020-08-19 Thread Christopher Smith
> > d tombstone record (a record with the same key containing only GDPR compatible data with the sensitive information removed), and let Kafka take care of the removal using log compaction.
> >
> > Kind regards,
> > Sandor

Re: GDPR compliance

2020-08-19 Thread Apolloni, Christian
> Hi all,
>
> there has been an interesting talk about this during a previous Kafka Summit. It talks about using crypto-shredding to 'forget' user information. I'm not sure if there are any slides, but it basically suggests that you'd encrypt user data on Kafka, and when you get a informa

Re: GDPR compliance

2020-08-19 Thread Patrick Plaatje
> ni, Christian <christian.apoll...@baloise.ch> wrote:
> > Hello,
> >
> > I have some questions about implementing GDPR compliance in Kafka.
> >
> > In our situation we have the requirement of removing personal data from in coordination with multip

Re: GDPR compliance

2020-08-19 Thread Apolloni, Christian
As an alternative solution we also investigated encryption: encrypting all messages with an individual key and removing the key once the "deletion" needs to be performed. Has anyone experience with such a solution?

--
Christian Apolloni

Re: GDPR compliance

2020-08-19 Thread Apolloni, Christian
Hi Sandor, thanks again for your reply.

> If you have a non-log-compacted topic, after `retention.ms` the message (along with the PII) gets deleted from the Kafka message store without any further action, which should satisfy GDPR requirements:
> - you are handling PII in Kafka for a limite

Re: GDPR compliance

2020-08-19 Thread Nemeth Sandor
Hi Christian, disclaimer: IANAL, so take everything with a grain of salt from the legal perspective, I'm sharing the experience I have handling PII data with Kafka in an ecommerce system, so your requirements may differ. I'm not sure how your system is designed but in general from a data manageme

Re: GDPR compliance

2020-08-19 Thread Apolloni, Christian
On 2020/08/19 16:15:40, Nemeth Sandor wrote:
> Hi Christian,

Hi, thanks for your reply.

> depending on how your Kafka topics are configured, you have 2 different options:
>
> a) if you have a non-log-compacted then you can set the message retention on the topic to the desired value. In t

Re: GDPR compliance

2020-08-19 Thread Nemeth Sandor
take care of the removal using log compaction.

Kind regards,
Sandor

On Wed, 19 Aug 2020 at 16:53, Apolloni, Christian <christian.apoll...@baloise.ch> wrote:
> Hello,
>
> I have some questions about implementing GDPR compliance in Kafka.
>
> In our situation we have the re

Re: GDPR compliance

2020-08-19 Thread Jörn Franke
> about implementing GDPR compliance in Kafka.
>
> In our situation we have the requirement of removing personal data from in coordination with multiple systems. The idea is having a central "coordinator system" which triggers the deletion process for the individual syste

GDPR compliance

2020-08-19 Thread Apolloni, Christian
Hello, I have some questions about implementing GDPR compliance in Kafka. In our situation we have the requirement of removing personal data from in coordination with multiple systems. The idea is having a central "coordinator system" which triggers the deletion process for the