by tmd83 1901 days ago
It seems like a nice idea, the different consent/withdraw/forget workflow. But it seems the core idea is that all user PII is stored in a central table/tables and all other places use a reference. You can do this normally in a regular application; even the old version had only userId (non-PII info without the user table) and the PII was centralized. I think the biggest challenge is getting to where your PII is not spread all over the database, with some PII denormalized for performance or whatever reason.

I guess the biggest advantage of this project is removing access to the PII by means of joins and such and automatically enforcing access to PII using a restricted API. I guess a premade API makes it much easier to ensure nobody ends up violating that access and integrating PII too closely with the application.

1 comments

Thanks for the feedback!