Hi,
We have a customer case, which forbids keeping any data in digital format, which is more than 10 years old (this requirement established by the country law to be honest).
Now, I’m wondering whether Axon provides any feature out-of-the-box, which supports this? Say, for example, we want to clear all events having the field LocalDate expirationDate > 10 years ago.
Thanks!
Hi Vladyslav,
There isn’t really an out-of-the-box feature that implements this, but you do have a few options.
First of all, is there any particular reason why you would need to look at a field in the event, rather than at the general event timestamp? Doing the latter would make it easier to pick the right events.
If you’re using an RDBMS event store, you might just implement this as a DELETE query, erasing events that occurred more than 10 years ago.
Another option available for Axon is AxonIQ’s GDPR Module. It implements field-level encryption in event objects, with very fine grained control on what exactly gets encrypted using which key. The main use case of the GDPR Module is to enable cryptographic erasure: by throwing away a key, you can effectively delete certain fields in certain events, without having to change the stored event itself. Perhaps this could be useful in your case as well.
Kind regards,
Thanks,
Yes, we are using an RDBMS and I was thinking about exactly the same solution, just was wondering if Axon has any other options.
Hi Vladyslav,
There isn’t really an out-of-the-box feature that implements this, but you do have a few options.
First of all, is there any particular reason why you would need to look at a field in the event, rather than at the general event timestamp? Doing the latter would make it easier to pick the right events.
If you’re using an RDBMS event store, you might just implement this as a DELETE query, erasing events that occurred more than 10 years ago.
Presumably you need a store a snapshot of the aggregate at point you start deleting events from
Another option available for Axon is AxonIQ’s GDPR Module. It implements field-level encryption in event objects, with very fine grained control on what exactly gets encrypted using which key. The main use case of the GDPR Module is to enable cryptographic erasure: by throwing away a key, you can effectively delete certain fields in certain events, without having to change the stored event itself. Perhaps this could be useful in your case as well.
Very cool.