by echelon 1603 days ago
Let's say you built your massive software business that relies on immutable records exchanged between services. Maybe your process involves cold storing some of the data. You have hundreds of microservices and thousands of lambdas, each one with a dedicated purpose. Your address microservice stores PII. Your session service knows about email. Your employee service has first and last names.

Now you have to coordinate ALL of it to support right to forget and data export.

You need an expert in each system to drop what they're doing for one to two quarters to figure out how not to break everything and support this new use case.

You need to synchronize the plan of action throughout all of the various orgs. Some party receives GDPR requests, and that now needs to trickle down to every service to handle and report back.

This is hugely expensive.

Millions of dollars.

You vastly underestimate the toll on existing legacy businesses.

1 comment

If you rely on immutable data records for sensitive information such as PII, and you don't have the full view on where the data is stored and how to delete it, the law IS SUPPOSED TO make you realize that it was a bad mistake. It was a mistake when you started, now you just have to pay for it to get fixed.