Event Sourcing & The GDPR – Erasing your data footprint

Michiel Rook

Recently, the EU General Data Protection Regulation (GDPR) came into effect. You’ve probably heard all about it (or at least seen the absurd amount of ‘update privacy policy’ emails in your inbox). In any case, the GDPR attempts to regulate data protection for EU citizens, and is applicable to any organization that deals with EU citizens.

The GDPR has many implications for any software or organization that processes data. However, if you are considering implementing event sourcing in your application (or have already done so), there are a few provisions in the regulation that have specific implications for event sourced applications.

Read more

The Road to Continuous Deployment (All Day DevOps 2016 Recap)

Michiel Rook

In 2016 and 2017, I gave a series of talks titled “The Road to Continuous Deployment: a Case Study”, detailing some of the work I did in 2015 together with the team at De Persgroep Employment Solutions. At DPES, we significantly improved time to market, quality and delivery speed by implementing Continuous Delivery. In the talk I explain how the process took us to multiple production releases per day and how we significantly changed and improved our way of working.  This blog post reviews a (short) version of that talk, as given during the first online All Day DevOps conference, in 2016.

Read more

Soon the GDPR will take effect! Are you ready?

Michiel Rook

As of May 25th, 2018, the European privacy regulation General Data Protection Regulation (GDPR) will take effect. This regulation concerns the ‘protection of natural persons with regard to the processing of personal data and on the free movement of such data’.

Important parts of the regulation are the right to access (and correct) of personal data that’s recorded and stored by organizations. The most profound and fundamental part however is that of the right to remove – under conditions – personal data (the “right to Erasure”, article 17 of the regulation).

Companies that are not compliant with the GDPR risk a substantial fine: a maximum of 20 million euros, or 4% of yearly gross revenue. However, according to research by EY, 33% of global respondents have yet to put a plan in place to realize compliancy. Time to get moving, only three short months remain!

Companies that source their IT-support or systems externally will have to make sure their vendors will be compliant. Even companies that have their own (internal) software development teams face multiple challenges to become compliant. For example, in two earlier blog posts, I researched a number of potential solutions for software applications that use Event Sourcing: here and here.

Are you ready for the GDPR? I’m more than happy to help you make the right choices. I’m not a legal expert, maar but can advise you in terms of (software) implementation or tools & technology.

Binnenkort treedt de AVG (GDPR) in werking!

Michiel Rook

Vanaf 25 mei 2018 is de Europese privacyverordening Algemene Verordening Gegevensbescherming (AVG, ook bekend als General Data Protection Regulation of GDPR) van toepassing. Deze verordening gaat over de ‘bescherming van natuurlijke personen in verband met de verwerking van persoonsgegevens en betreffende het vrije verkeer van die gegevens’.

Belangrijke onderdelen van de verordening zijn het recht op inzage en correctie van persoonlijke gegevens die door bedrijven worden bijgehouden. Maar het meest fundamentele recht is waarschijnlijk het recht op verwijdering – onder voorwaarden – van persoonlijke gegevens (“Right to Erasure”, artikel 17 van de verordening).

Bedrijven die zich niet aan de AVG houden riskeren een stevige boete: maximaal 20 miljoen euro of 4% van de jaarlijkse omzet. Echter, volgens EY heeft 27% van de Nederlandse organisaties nog geen plan om AVG-compliance te realiseren. Tijd om in actie te komen, er resteren nog slechts een kleine drie maanden!

Organisaties die hun IT-ondersteuning of -pakketten extern sourcen zullen moeten verifiëren dat hun leveranciers zorgdragen voor naleving van de AVG. Ook voor bedrijven die hun IT-ontwikkeling intern hebben belegd zijn er meer dan voldoende uitdagingen om tot naleving van de verordening te komen. In twee eerdere (Engelstalige) blog posts onderzocht ik mogelijke oplossingen voor software-toepassingen die gebruik maken van Event Sourcing: hier en hier.

Uit onderzoek blijkt dat de meerderheid van de Nederlanders nog niet (volledig) op de hoogte is van de regels en mogelijkheden die de AVG biedt. Geconfronteerd met deze rechten zegt 50% ervan gebruik te willen maken; dit kan bedrijven flink op kosten gaan jagen!

Bent u klaar voor de GDPR? Ik help u graag om de juiste stappen te zetten. Ik ben geen juridisch expert, maar kan wel adviseren op het gebied van implementatie of technologiekeuze!

A typical CI/CD pipeline explained

Michiel Rook

Recently, I was asked on Twitter if I could give some pointers for reading material on (production) CI/CD pipelines – what they look like, and how they work. I decided to shed some light on this by describing a typical CI/CD pipeline (from my perspective), in a series of tweets. This article is an expansion of that thread.

Read more

Rebuilding projections in Axon Framework 3

Michiel Rook

CQRS (Command Query Responsibility Segregation) allows you to have separate models for reading and writing. Combining that pattern with Event Sourcing leads to a powerful capability: updating query (read) models, based on events. In real-time or rebuilding them from an existing collection of events. This post focuses on such projections, in applications that are built on Axon Framework.

Read more