[PPT] - FORGET ME PLEASE? EVENT SOURCING & THE GDPR Michiel Rook - PowerPoint Presentation

SLIDE 1

FORGET ME PLEASE?  EVENT SOURCING & THE GDPR

Michiel Rook - @michieltcs

SLIDE 2

DISCLAIMER: I AM NOT A LAWYER

SLIDE 3

GDPR

SLIDE 4

GENERAL DATA PROTECTION REGULATION

SLIDE 5

'

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive)

General Data Protection Regulation

SLIDE 6

A SHORT HISTORY

SLIDE 7

1995 Data Protection Directive

SLIDE 8

1995 Data Protection Directive 2012 GDPR proposal

SLIDE 9

1995 Data Protection Directive 2012 GDPR proposal 2016 GDPR adopted

SLIDE 10

1995 Data Protection Directive 2012 GDPR proposal 2016 GDPR adopted 25 May 2018 GDPR enforceable

SLIDE 11

REGULATION

SLIDE 12

PROTECTS EU CITIZENS

SLIDE 13

DATA PROTECTION ACT

SLIDE 14

BROAD & VAGUE

SLIDE 15

PRIVACY BY DESIGN

SLIDE 16

'

The controller shall implement appropriate technical and organisational measures for ensuring that, by default,

nly personal data which are necessary for

each specific purpose of the processing are processed.

GDPR, Article 25

SLIDE 17

DATA PROTECTION OFFICER

SLIDE 18

SUPERVISORY AUTHORITY

SLIDE 19

FINES

SLIDE 20

€20 MILLION OR 4% OF ANNUAL TURNOVER

SLIDE 21

YOU

SLIDE 22

RAISE YOUR HAND

IF YOU HAVE

SLIDE 23

read CQRS / Event Sourcing theory

RAISE YOUR HAND

IF YOU HAVE

SLIDE 24

read CQRS / Event Sourcing theory followed a tutorial, built a hobby project

RAISE YOUR HAND

IF YOU HAVE

SLIDE 25

read CQRS / Event Sourcing theory followed a tutorial, built a hobby project used it in production

RAISE YOUR HAND

IF YOU HAVE

SLIDE 26

Axon Framework Spring Boot

SLIDE 27

QUICK RECAP CQRS + EVENT SOURCING

SLIDE 28

CQRS

SLIDE 29

COMMAND QUERY RESPONSIBILITY SEGREGATION

SLIDE 30

STORAGE SIDE  VS.  QUERY SIDE

SLIDE 31

UI

@michieltcs

SLIDE 32

Domain UI

Command

commands

Aggregates

@michieltcs

SLIDE 33

Domain UI

Command Repository

Event Store

commands events

Aggregates

@michieltcs

SLIDE 34

Domain UI

Event Bus Event Handlers Command Repository Database Database

Event Store

commands events events

Aggregates

@michieltcs

SLIDE 35

Domain UI

Event Bus Event Handlers Command Repository Data Layer Database Database

Event Store

commands events events queries DTOs

Aggregates

@michieltcs

SLIDE 36

EVENT SOURCING

SLIDE 37

'

Event Sourcing ensures that all changes to application state are stored as a sequence of events.

Martin Fowler

SLIDE 38

ACTIVE RECORD VS. EVENT SOURCING

Account Id Account number Balance 1234 12345678 50,00 ... ... ... Money Withdrawn Account Id 1234 Amount 50,00 Money Deposited Account Id 1234 Amount 100,00 Account Opened Account Id 1234 Account number 12345678

@michieltcs

SLIDE 39

COMMANDS TO EVENTS

Deposit Money Account Id 1234 Amount 100,00

@michieltcs

1 @Value 2 public class DepositMoney { 3 @TargetAggregateIdentifier 4 String accountId; 5 BigDecimal amount; 6 }

SLIDE 40

COMMANDS TO EVENTS

Deposit Money Account Id 1234 Amount 100,00

command  handler

@michieltcs

1 @CommandHandler 2 public void depositMoney(DepositMoney command) { 3 apply(new MoneyDeposited( 4 command.getAccountId(), 5 command.getAmount(), 6 ZonedDateTime.now())); 7 }

SLIDE 41

COMMANDS TO EVENTS

Deposit Money Account Id 1234 Amount 100,00 Money Deposited Account Id 1234 Amount 100,00

command  handler

@michieltcs

1 @Value 2 public class MoneyDeposited { 3 String accountId; 4 BigDecimal amount; 5 ZonedDateTime timestamp; 6 }

SLIDE 42

AGGREGATES

@michieltcs

an Aggregate handles Commands and generates Events based on the current state

SLIDE 43

AGGREGATES

@michieltcs

1 class BankAccount { 2 @AggregateIdentifier 3 private String accountId; 4 private String accountNumber; 5 private BigDecimal balance; 6 7 // ... 8 @EventHandler 9 public void accountOpened(AccountOpened event) { 10 this.accountId = event.getAccountId(); 11 this.accountNumber = event.getAccountNumber(); 12 this.balance = BigDecimal.valueOf(0); 13 } 14 15 @EventHandler 16 public void moneyDeposited(MoneyDeposited event) { 17 this.balance = this.balance.add(event.getAmount()); 18 } 19 }

SLIDE 44

AGGREGATE STATE

Account number Balance 12345678 0,00 Account number Balance 12345678 100,00 Account number Balance 12345678 50,00

event  handler event  handler event  handler

@michieltcs

Money Withdrawn Account Id 1234 Amount 50,00 Money Deposited Account Id 1234 Amount 100,00 Account Opened Account Id 1234 Account number 12345678

SLIDE 45

VALIDATING COMMANDS

@michieltcs

1 @CommandHandler 2 public void withdrawMoney(WithdrawMoney command) throws 3 OverdraftDetectedException { 4 if (balance.compareTo(command.getAmount()) >= 0) { 5 apply(new MoneyWithdrawn( 6 command.getAccountId(), 7 command.getAmount(), 8 ZonedDateTime.now())); 9 } else { 10 throw new OverdraftDetectedException(accountNumber, balance, command. 11 getAmount()); 12 } 13 }

SLIDE 46

TESTING AGGREGATES

@michieltcs

1 public class BankAccountTest { 2 private FixtureConfiguration<BankAccount> fixture; 3 4 @Before 5 public void createFixture() { 6 fixture = new AggregateTestFixture<>(BankAccount.class); 7 } 8 9 @Test 10 public void noOverdraftsOnEmptyAccount() { 11 fixture.given(new AccountOpened(ACCOUNT_ID, ACCOUNT_NUMBER)) 12 .when(new WithdrawMoney(ACCOUNT_ID, new BigDecimal(20))) 13 .expectException(OverdraftDetectedException.class); 14 } 15 16 private final static String ACCOUNT_ID = "accountId"; 17 private final static String ACCOUNT_NUMBER = "accountNumber"; 18 }

SLIDE 47

EVENT SOURCING  & GDPR

SLIDE 48

CONSENT

SLIDE 49

'

Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.

GDPR, Article 7

SLIDE 50

REGISTERING CONSENT

SLIDE 51

'

...the request for consent shall be presented in a manner which is clearly distinguishable from the other matters...

GDPR, Article 7

SLIDE 52

REVOKING CONSENT

SLIDE 53

'

The data subject shall have the right to withdraw his or her consent at any

time. ... It shall be as easy to withdraw

as to give consent.

GDPR, Article 7

SLIDE 54

WHY USE EVENT SOURCING / CQRS?

SLIDE 55

CAPTURE INTENT

SLIDE 56

DEMONSTRATING CONSENT

SLIDE 57

EVENT LOG  AS AUDIT LOG

SLIDE 58

NEW READ MODELS

SLIDE 59

EASIER DEBUGGING

SLIDE 60

EVENT LOG AS AUDIT LOG

@michieltcs

ConsentedToNewsletters

SLIDE 61

EVENT LOG AS AUDIT LOG

@michieltcs

ConsentedToNewsletters ConsentedToDataGathering

SLIDE 62

EVENT LOG AS AUDIT LOG

@michieltcs

ConsentedToNewsletters ConsentedToDataGathering RevokedConsentToNewsletters

SLIDE 63

"RIGHT TO ACCESS"

SLIDE 64

'

The data subject shall have the right to

btain from the controller

confirmation as to whether or not personal data ... are being processed, and ... access to the personal data ...

GDPR, Article 15

SLIDE 65

"RIGHT TO ERASURE"

SLIDE 66

'

The data subject shall have the right to

btain from the controller the erasure
f personal data concerning him or

her without undue delay

GDPR, Article 17

SLIDE 67

PERSONALLY IDENTIFIABLE INFORMATION

SLIDE 68

'

‘personal data’ means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly

GDPR, Article 4

SLIDE 69

GROUNDS

SLIDE 70

'

.. the personal data are no longer necessary .. the data subject withdraws consent

n which the processing is based
GDPR, Article 17

SLIDE 71

EXCEPTIONS

SLIDE 72

'

.. to comply with a legal obligation .. for the establishment, exercise or defence of legal claims (*)

GDPR, Article 17

SLIDE 73

UNDUE DELAY

SLIDE 74