Wait... that makes postgress a legal liability in the EU; considering the GDPR law
Discussion
Just have to anonymize, to be complaint.
Don't have to hard-delete anything.
This isn't true, under GDPR. It requires personally identifiable data to be irreversible deleted, both when not needed anymore and on recival of a data deletion request.
And personally identifiable data can't be anonymized ex. an emailadress is in and of itself id-data even when not connected to anything. Same for IP-adress, postal adress, phone numbers, personal names & nicknames etc.
It is true. We built a special "GDPR delete" function that just went and replaced "Tom.Smith@gmail.com" with "nobody@nothing.com" and "Smith, Tom" with "Nobody, Whoever" and birthdate to "01.01.9999" or whatnot, and then we'd filter them out of queries.
You don't have to hard-delete an RDB class to get rid of one record. Just replace anything personal with gibberish.
From a legal perspective that's probably good enough to be considered a delete :)
People who want GDPR compliance probably also need to propagate data removal through the backups as well.
Yes, but some data has to be maintained for legal reasons, so that also doesn't get deleted.
Need an archiving and deletion scheme, for all of this, but there's no requirement to mess up your database relationships by removing table keys or something.
Alternatively you can use crypto-shredding, it adds overhead but it works instantly everywhere