top | item 24196973

toong | 5 years ago

Store customer data immutable and encrypted, with a unique AES encryption key per customer. Encrypt that AES key again with a single RSA key-pair and store the encrypted AES-key in a database.

You can access your customer data, using the customer-specific AES key. You can access the customer-specific AES key using your private RSA key.

When you need to delete the customer data under GDPR, you can delete the encrypted AES key for that customer from your database.
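The scheme in the post (per-customer AES key, wrapped under one RSA key pair, deletion by dropping the wrapped key) as an added worked example in Go; this is not code from the post or from any product. Two in-memory maps stand in for the append-only blob store and the database table of wrapped keys, the OAEP label and all type and function names are my own assumptions, and the sample records are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrShredded is returned once a customer's wrapped key row is gone: the
// ciphertext may still sit in the immutable store, but nothing can decrypt it.
var ErrShredded = errors.New("customer key shredded: data is unrecoverable")

// oaepLabel ties wrapped keys to this purpose (assumed label, not from the post).
var oaepLabel = []byte("customer-data-key")

// Store is an in-memory stand-in for the two backends the post describes.
type Store struct {
	kek     *rsa.PrivateKey     // the single RSA key pair (key-encryption key)
	blobs   map[string][][]byte // customerID -> records, each nonce||AES-GCM ciphertext; never deleted
	wrapped map[string][]byte   // customerID -> RSA-OAEP(AES key); deleting this row erases the customer
}

func NewStore(kek *rsa.PrivateKey) *Store {
	return &Store{kek: kek, blobs: map[string][][]byte{}, wrapped: map[string][]byte{}}
}

// dek returns the customer's AES-256 key, minting and wrapping it on first use.
func (s *Store) dek(customerID string) ([]byte, error) {
	if wk, ok := s.wrapped[customerID]; ok {
		// Only the RSA private key can unwrap; it is the one secret to guard and back up.
		return rsa.DecryptOAEP(sha256.New(), rand.Reader, s.kek, wk, oaepLabel)
	}
	if len(s.blobs[customerID]) > 0 {
		return nil, ErrShredded // records exist but the key row is gone: never mint a replacement key
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	wk, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &s.kek.PublicKey, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	s.wrapped[customerID] = wk
	return key, nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Put appends one encrypted record. The customer ID is bound to the ciphertext
// as associated data so a record cannot be moved under another customer.
func (s *Store) Put(customerID string, plaintext []byte) error {
	key, err := s.dek(customerID)
	if err != nil {
		return err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s.blobs[customerID] = append(s.blobs[customerID], gcm.Seal(nonce, nonce, plaintext, []byte(customerID)))
	return nil
}

// Get decrypts every record of the customer, or fails with ErrShredded.
func (s *Store) Get(customerID string) ([][]byte, error) {
	if _, ok := s.wrapped[customerID]; !ok {
		return nil, ErrShredded
	}
	key, err := s.dek(customerID)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	var out [][]byte
	for _, rec := range s.blobs[customerID] {
		ns := gcm.NonceSize()
		pt, err := gcm.Open(nil, rec[:ns], rec[ns:], []byte(customerID))
		if err != nil {
			return nil, err
		}
		out = append(out, pt)
	}
	return out, nil
}

// Erase is the GDPR deletion step from the post: drop only the wrapped key row.
func (s *Store) Erase(customerID string) { delete(s.wrapped, customerID) }

// BlobCount shows that erasure leaves the immutable ciphertexts untouched.
func (s *Store) BlobCount(customerID string) int { return len(s.blobs[customerID]) }

func main() {
	kek, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	s := NewStore(kek)
	_ = s.Put("cust-42", []byte("invoice #1")) // constructed sample records
	_ = s.Put("cust-42", []byte("invoice #2"))
	recs, _ := s.Get("cust-42")
	fmt.Printf("before erase: %d records readable\n", len(recs))
	s.Erase("cust-42")
	_, err = s.Get("cust-42")
	fmt.Printf("after erase: %d blobs still stored, read error: %v\n", s.BlobCount("cust-42"), err)
}
```

Two design choices worth noting: after an erase the store refuses to mint a new key for the same customer ID, so old ciphertext can never be silently re-keyed, and every record is authenticated with AES-GCM using the customer ID as associated data, so ciphertext copied between customers fails to decrypt rather than yielding someone else's plaintext.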

chmod775 | 5 years ago

> Store customer data immutable and encrypted, with a unique AES encryption key per customer. Encrypt that AES key again with a single RSA key-pair and store the encrypted AES-key in a database.

Now you have the worst of both worlds. You also now have 2 points of failure where data can get lost, because if either has a problem you lose data.

Ensorceled | 5 years ago

I can't think of a mechanism where you can lose the customer's database records but can still recover files associated with that customer ...