We’d like to use EventStore to store insurance type data. We’d have multiple EventStoreDBs (one per microservice).
Under GDPR we need to be able to delete a particular customer’s data.
I’ve had one engineer telling me that the only way to do this is to split out the PII data into a separate MongoDB so that it can be deleted from there because ‘EventStore doesn’t allow data to be deleted’.
Another proposed solution was to encrypt PII data in the event, but this makes aggregations, etc. a bit hard. The encryption key for that customer could be deleted and this would essentially make the data inaccessible.
However a quick read through the docs shows me that we probably should be creating a stream per customer (or any other entity that stores PII) in each microservice and then just delete that stream and do a scavenge and that should remove all the customer events containing PII and thereby the data.
Is this the best way to deal with GDPR? Are there downsides to this approach?
Does it have an impact on any aggregations, projections, etc.?
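
The encrypt-and-delete-the-key option mentioned in the question (commonly called crypto-shredding), as an added example that is not part of the original post and not EventStoreDB code. The in-memory `keyStore`, the event shape and all function names are assumptions; only the PII fields are encrypted, so a projection over non-PII fields gives the same result before and after the key is deleted.

```javascript
const crypto = require("node:crypto");

// Hypothetical per-customer key store (customerId -> 256-bit key); in practice a KMS or mutable DB.
const keyStore = new Map();

function keyFor(customerId) {
  if (!keyStore.has(customerId)) keyStore.set(customerId, crypto.randomBytes(32));
  return keyStore.get(customerId);
}

// Encrypt only the PII fields with AES-256-GCM; `data` stays readable so
// projections and aggregations over non-PII fields are unaffected.
function sealEvent(customerId, type, data, pii) {
  const iv = crypto.randomBytes(12); // fresh nonce per event
  const cipher = crypto.createCipheriv("aes-256-gcm", keyFor(customerId), iv);
  cipher.setAAD(Buffer.from(`${customerId}:${type}`)); // bind ciphertext to its event
  const ct = Buffer.concat([cipher.update(JSON.stringify(pii), "utf8"), cipher.final()]);
  const b64 = (buf) => buf.toString("base64");
  return { customerId, type, data, pii: { iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) } };
}

// Returns the event with PII decrypted, or pii: null once the key is gone.
function openEvent(event) {
  const key = keyStore.get(event.customerId);
  if (!key) return { ...event, pii: null };
  const unb64 = (s) => Buffer.from(s, "base64");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, unb64(event.pii.iv));
  decipher.setAAD(Buffer.from(`${event.customerId}:${event.type}`));
  decipher.setAuthTag(unb64(event.pii.tag));
  const pt = Buffer.concat([decipher.update(unb64(event.pii.ct)), decipher.final()]);
  return { ...event, pii: JSON.parse(pt.toString("utf8")) };
}

// Erasure request: delete the key; the immutable events stay in place.
function forgetCustomer(customerId) {
  return keyStore.delete(customerId);
}

// Projection that never touches PII.
function totalPremium(events) {
  return events.filter((e) => e.type === "PolicyIssued").reduce((sum, e) => sum + e.data.premium, 0);
}

// Constructed sample events (not real data).
const sample = [
  sealEvent("cust-1", "PolicyIssued", { premium: 120 }, { name: "Alice Example" }),
  sealEvent("cust-2", "PolicyIssued", { premium: 80 }, { name: "Bob Example" }),
];
forgetCustomer("cust-1");
console.log(openEvent(sample[0]).pii, openEvent(sample[1]).pii, totalPremium(sample));
```

Deleting the key only makes the data unrecoverable if every backup or replica of the key store is purged as well.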