"Just Delete the User": Famous Last Words Before the GDPR Audit — Daily DevOps & .NET
Implementing GDPR Article 17 right-to-erasure correctly requires far more than a simple database DELETE. User data typically lives in production databases, analytics warehouses, blob storage, caches, search indexes, backups, and third-party systems. A naive delete breaks referential integrity and leaves data scattered everywhere with no audit trail. The correct approach uses orchestrated workflows (demonstrated with Azure Durable Functions) that run parallel erasure across independent systems, handle sequential third-party notifications respecting rate limits, use soft-delete with anonymization to preserve referential integrity, verify completeness programmatically, and produce immutable audit logs. Additional concerns covered include the backup resurrection problem (restored backups must re-trigger erasure), legal retention exceptions (tax records, active contracts), and testing strategies for partial failures and edge cases.
Table of contents
The Fatal Pattern: Database Scripts and Hope
Understanding the Requirements
The Correct Pattern: Orchestrated Erasure
Testing Your Erasure Implementation
The Backup Trap
When Deletion Is Illegal
What Actually Works
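A sketch of the orchestration the summary describes, added here as an illustration and not taken from the article: parallel erasure across independent stores, sequential third-party notifications, programmatic verification, and an audit record on both success and failure. It assumes the in-process Durable Functions model; every activity name, both record types, and the two-second pacing delay are hypothetical.

```csharp
using System;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.DurableTask;

public record ErasureRequest(string UserId, string RequestId);
public record AuditEntry(string RequestId, string Outcome, DateTime AtUtc); // no user identifier kept

public static class ErasureOrchestrator
{
    // Hypothetical activity names; each activity must be idempotent because retries re-run it.
    static readonly string[] IndependentStores =
        { "AnonymizeSqlUser", "PurgeWarehouse", "DeleteBlobs", "EvictCache", "RemoveFromSearchIndex" };
    static readonly string[] ThirdParties = { "NotifyCrmVendor", "NotifyEmailVendor" };

    [FunctionName("EraseUser")]
    public static async Task<bool> Run([OrchestrationTrigger] IDurableOrchestrationContext ctx)
    {
        var req = ctx.GetInput<ErasureRequest>();
        var retry = new RetryOptions(TimeSpan.FromSeconds(10), 5) { BackoffCoefficient = 2.0 };

        try
        {
            // Fan out: stores that do not depend on each other are erased in parallel.
            await Task.WhenAll(IndependentStores.Select(a => ctx.CallActivityWithRetryAsync(a, retry, req)));

            // Third parties are notified one at a time, with a durable timer to respect rate limits.
            foreach (var vendor in ThirdParties)
            {
                await ctx.CallActivityWithRetryAsync(vendor, retry, req);
                await ctx.CreateTimer(ctx.CurrentUtcDateTime.AddSeconds(2), CancellationToken.None);
            }
        }
        catch (Exception)
        {
            // Partial failure: record it so the request is visibly incomplete, then fail the instance.
            await ctx.CallActivityAsync("AppendAuditEntry", new AuditEntry(req.RequestId, "Failed", ctx.CurrentUtcDateTime));
            throw;
        }

        // Verify programmatically that no store still returns data for the user.
        bool clean = await ctx.CallActivityAsync<bool>("VerifyNoResidualData", req);
        // Assumed: the audit activity writes to an append-only (immutable) store.
        await ctx.CallActivityAsync("AppendAuditEntry", new AuditEntry(req.RequestId, clean ? "Verified" : "ResidualDataFound", ctx.CurrentUtcDateTime));
        return clean;
    }
}
```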