Last week, at this year’s JAX London conference, I gave a talk about the General Data Protection Regulation (GDPR), and the very interesting and specific implications for applications that use event sourcing. The talk was inspired by and partly based on two earlier articles that I wrote: Forget me please? Event sourcing and the GDPR and Event sourcing and the GDPR: a follow-up.
gdpr
Event Sourcing & The GDPR – Erasing your data footprint
Recently, the EU General Data Protection Regulation (GDPR) came into effect. You’ve probably heard all about it (or at least seen the absurd amount of ‘update privacy policy’ emails in your inbox). In any case, the GDPR attempts to regulate data protection for EU citizens, and is applicable to any organization that deals with EU citizens.
The GDPR has many implications for any software or organization that processes data. However, if you are considering implementing event sourcing in your application (or have already done so), there are a few provisions in the regulation that have specific implications for event sourced applications.
Soon the GDPR will take effect! Are you ready?
As of May 25th, 2018, the European privacy regulation General Data Protection Regulation (GDPR) will take effect. This regulation concerns the ‘protection of natural persons with regard to the processing of personal data and on the free movement of such data’.
Important parts of the regulation are the rights to access and correct personal data that is recorded and stored by organizations. The most profound and fundamental part, however, is the right to have personal data removed – under conditions – (the “right to erasure”, Article 17 of the regulation).
Companies that are not compliant with the GDPR risk a substantial fine: a maximum of 20 million euros, or 4% of yearly gross revenue. However, according to research by EY, 33% of global respondents have yet to put a plan in place to achieve compliance. Time to get moving, only three short months remain!
Companies that source their IT-support or systems externally will have to make sure their vendors will be compliant. Even companies that have their own (internal) software development teams face multiple challenges to become compliant. For example, in two earlier blog posts, I researched a number of potential solutions for software applications that use Event Sourcing: here and here.
Are you ready for the GDPR? I’m more than happy to help you make the right choices. I’m not a legal expert, but I can advise you in terms of (software) implementation or tools & technology.
Soon the AVG (GDPR) will take effect!
As of 25 May 2018, the European privacy regulation Algemene Verordening Gegevensbescherming (AVG, also known as the General Data Protection Regulation or GDPR) applies. This regulation concerns the ‘protection of natural persons with regard to the processing of personal data and on the free movement of such data’.
Important parts of the regulation are the rights to access and correct personal data that companies keep. But the most fundamental right is probably the right to have personal data removed – under conditions – (“Right to Erasure”, Article 17 of the regulation).
Companies that do not comply with the AVG risk a hefty fine: a maximum of 20 million euros or 4% of annual revenue. However, according to EY, 27% of Dutch organizations do not yet have a plan to achieve AVG compliance. Time to take action, just under three months remain!
Organizations that source their IT support or software packages externally will have to verify that their vendors ensure compliance with the AVG. Companies that keep their IT development in-house also face more than enough challenges in complying with the regulation. In two earlier (English-language) blog posts, I explored possible solutions for software applications that use Event Sourcing: here and here.
Research shows that the majority of Dutch people are not yet (fully) aware of the rules and options that the AVG offers. When confronted with these rights, 50% say they want to make use of them; this could drive up costs considerably for companies!
Are you ready for the GDPR? I’m happy to help you take the right steps. I’m not a legal expert, but I can advise on implementation or technology choices!
CQRS & Event Sourcing article published in PHP Architect
This month an article I wrote for PHP Architect, called “CQRS & Event Sourcing in the Wild”, was published in the December 2017 “Talking Code” issue.
Event sourcing and the GDPR: a follow-up
My article about the implications of the GDPR for event-sourced applications that I published last week generated a sizable number of responses, suggestions and comments (most of them on Twitter). All of which are appreciated of course! In this post I’ll list the most interesting comments and try to respond to them.
Forget me please? Event sourcing and the GDPR
In May 2018, a new piece of EU legislation called the General Data Protection Regulation (GDPR) will come into effect. The GDPR attempts to regulate data protection for individuals within the EU and has very interesting and specific implications for applications that use event sourcing. In this article, I’ll discuss my thoughts on this subject and a few pointers for those implications.