← Graph

How does GDPR deletion work if encrypted events are in backups?

question 2 connections

Audience asks: if GDPR is solved by encrypting PII inside events and deleting the key, how do backups of those events still respect deletion? Krzywda doesn't remember the exact setup but says personal data is either kept out of backups or stored separately, and only PII fields inside events are encrypted — the rest of the event remains intact. Links to the rails_event_store GDPR docs.

answer_summary
Only PII fields inside events are encrypted; deleting the per-user key makes those fields unreadable. Backups are handled by keeping personal data out of them or storing it separately. See the rails_event_store GDPR docs.
question How does GDPR deletion work if encrypted events are in backups?
about
rails_event_store tool
About rails_event_store's GDPR-via-encryption approach.
question How does GDPR deletion work if encrypted events are in backups?
asked_at
Typical DDDomains In Rails Apps talk
Asked during Q&A.

Provenance

Created in
Typical DDDomains in Rails Apps — Andrzej Krzywda at wroc... 2026-04-17 18:07
Read by
5 extractions