Hi, Thank you Jon for this DeletingCS I'll have a look. Not being able to query/access a user data, or at least not being able to identify a client from its data (@Stefan *crypto shredding and pseudonymization strategies)* makes sense now
I did interpret the legal text a bit too far on the physical deletion part ! Thank you all On 9 February 2018 at 21:42, Stefan Podkowinski <s...@apache.org> wrote: > Deleting data "without undue delay" in Cassandra can be implemented by > using crypto shredding and pseudonymization strategies in your data model. > All you have to do is to make sure that throwing away a person's data > encryption key will make it impossible to restore personal data and > impossible to resolve any pseudonyms associated with that person. > > > On 09.02.18 17:10, Nicolas Guyomar wrote: > > Hi everyone, > > Because of GDPR we really face the need to support “Right to Be Forgotten” > requests => https://gdpr-info.eu/art-17-gdpr/ stating that *"the > controller shall have the obligation to erase personal data without undue > delay"* > > Because I usually meet customers that do not have that much clients, > modeling one partition per client is almost always possible, easing > deletion by partition key. > > Then, appart from triggering a manual compaction on impacted tables using > STCS, I do not see how I can be GDPR compliant. > > I'm kind of surprised not to find any thread on that matter on the ML, do > you guys have any modeling strategy that would make it easier to get rid of > data ? > > Thank you for any given advice > > Nicolas > > >
