right-to-be-forgotten requests can be incorporated into the design of ledger based systems with appropriate encryption and a forgettable key per customer.

@@amlyo6722 that simply means you have just hidden their data and not forgotten it... A sophisticated soft delete

@@zimcoder If the person who does your backups ever tells you this, it's time to start panicking

🤣

@@amlyo6722 I mean, he isn't exactly wrong. Forgetting an encryption key simply means it's "forgotten for the foreseeable future", not actually "forgotten". Someone 10 years from now could obtain a leaked dump of your database and decrypt it using, say, a quantum computer. It's not exactly a clear-cut issue.

You got the point of the video!

Delete if you need to delete.

It's not about CRUD vs Event Sourcing. You could be recording current state in the way I showed it with a document and having a collection that recorded when they were hired and terminated.

Depends how those columns are being used, I suspect just for information/query/view purposes. If you're in CRUD mode, then yes. If you're not then you probably don't have those columns but more-so like a CancelledDate, EmploymentTerminatedDate, etc.

ha!

Yup! It's not really "deleted" it has some explicit meaning that is different in a different entity/context but it's implied with isDeleted. Not fun. Make the implicit explicit.

If your were event sourcing, the individual events define their own schema. All the events for a particular aggregate are persisted in a stream. This video might be helpful if you haven't watched already. kzbin.info/www/bejne/d4bNZYBjqNlmn8U

Task based doesn't imply you're publishing events. It sure helps to do so, but performing a command doesn't mean it has to publish an event.

The employee didn't move twice, but they also didn't move to the first address. I'd rather just create a second move and maybe add a field "reason" for moving where I can say "previous move error" under EmployeeAddedAddress event. Although I'm not against deleting an address, I must confess I'd stress out about the address use dependencies elsewhere. I'm just thinking off the top of my head. I don't really have an implementation example come to mind where I had to address this before

That's was the same question I had! For example we do have accounts where all personal data has to be wiped or scrambled when they want to delete their account because of the GDPR. (So the other way around, we must delete the data by law)

The intent of the video is to illustrate that often there are business concepts to capture that soft deleting doesn't provide. Capture business concepts if applicable. If you need to delete data, delete it.

Yes, capturing business intent has many benefits, one being auditing.

Only if the data is covered by gdpr

Correct. This video has nothing to do with GDPR. There are many ways of handling, one of which is deleting data. If you need to delete data because of GDPR, sure. You could also encrypt data and lose the key. The point of the video is to illustrate to capture business concepts explicitly.

Then i didn't got a message of this video correctly. My point was that there are more than Delete vs Soft delete.

In that case could you just anonymize any identifiable fields in existing data (name, address, email etc.)? Would this satisfy GDPR whilst preserving most of the events?

@@ColinWhittingham This is how this is typically done. But you must do the homework to avoid the hunting for data traces.

What about it? If you need to delete data, delete it. The point of the video is to capture business concepts if applicable. If you need to delete data, go ahead.

You don't need to do event sourcing to capture the business concept. As I illustrated with the document example that's recording current state (not event sourcing) I had a collection that recorded the hiring and termination. If you were using tables, you'd probably have table with columns for HireDate, TerminationDate, etc. With a single record for their employment.

@@CodeOpinion makes total sense, I got it, so a row with termination date being empty/default value when created. Then update to fulfill that information when the corresponding event happened.

This specific example is unlikely to scale as I think a business is unlikely to hire and fire one person thousands of times, so just shoving the data in "EmployeeHistory" would probably suffice. That would apply whether you are using events/pub/sub or just an API/ORM, and for RDBMS or a NoSQL store. It is a concern if you are talking about something with a much higher cardinality. Say like clock in/out events for laborers. You might have several per day (breaks, etc) per employee, seeral thousands per year, and then it grows forever as long as someone is employed and working. You have to question then what the business case to read the data back out later is and how you will access it. It may make sense that data is stored by PayPeriod + EmployeeId, which roughly fixes your cardinality to maybe a few dozen or couple hundred no matter how many employees you have and how long they work at the company. To some extent, you could say Derek seems to be putting the cart in front of the horse, he's coming as a developer in a video presumably focused on providing information to other developers, but business should be the main driver to store this extra tabular dimension (history) instead of just a scalar or two (i.e. current employment status or hire/fire dates) It's a good thing to bring up from the dev side, though. There are a lot of really good talking points here, and knowing the difference between the scalar and tabular or event aggregation is good knowledge to have kicking around in your head. It's this sort of knowledge that separates someone who blindly completes a user story and someone who can help steer their business away from information black holes.

Correct. It's about capturing the business concept (where appropriate).

You could delete relevant streams or rebuild them with the relevant user related data omitted.

Just as a complement. I understand that it could exists some information that should be anonymized but still kept for integrity of references to some other data. But the majority of personal data should be hard deleted.

If you want to be GDPR compliant, you should be able to erase all user's personal data.

I don't but I should get maybe Simon on here to do a quick one about it.

Then delete the data. The point of the video really is to capture business concepts explicitly when traditionally you would think about deleting or soft deleting data.

Yeah. The coversheet. I know, I know. Uh, Bill talked to me about it.

@@CodeOpinion Time to go fishing.

You can anonymize, and if I know, in special cases, you have obligation to keep data anyway (accounting). So the concept still makes sense.

🤣

Absolutely would make your life more difficult if your focusing on crud. If your viewing things based on business concepts it's not difficult at all since the concept of deleting likely doesn't exist.

Well the point I'm trying to make is the word "delete" makes no sense. You're not deleting anything, you're capturing data related to a business concept (hiring/terminating).

You answered it yourself, its "extremely contextual". There's no single answer to the question. The point with the adding is there are more options beyond the soft/hard delete.

@@CodeOpinion That was my point, although I was thinking this video would be about hard and soft delete exclusively and when to choose between one or the other based on the title.

Well I clearly didn't do a good enough job in the video or didn't anticipate the common reaction.

​@@CodeOpinion I disagree. You did perfect job! I've been watching your previouse videos when I was learning DDD approach and I had same problems - i was asking question from my limited context. It is so clear for me now and even funny :D