Like many businesses, we've faced an uphill battle dealing with GDPR compliance in a simple, repeatable way. Pseudonymization is a technique to replace identifiable data with artificial artifacts that still enable analysis and processing. It complies with EU regulations and it is possible to get back to the original data when using additional information!
In order to have a scalable solution we are using the standard Kafka connect architecture with a sink as the base. Records that are received by this sink are pseudonymized and in the meantime, a second record is created. This second record contains the additional information that is required to get back to the original data.
The resulting records are placed on two separate output topics and further processing is performed just as we would normally do. For security reasons (and compliance), the topic with the additional information is only available to those that are allowed to see and or processes that information.

This approach, allows us to process GDRP-related information in a standardized and simplified manner, by simply creating a configuration file that specifies fields and the type of processing we are compliant with the rules. A second benefit is that we can scale easily. We just have to create a new rule set and if needed spin up an additional worker.

Have you been struggling to find a scalable approach to comply with the GDPR rules, join this session to learn about how we implemented a scaleable solution.