There is a lot of buzz in the US around General Data Protection Regulation (GDPR), the digital privacy regulations coming out of the European Union, as we approach the deadline in Europe, but also after the recent testimony of Facebook in front of Congress. People are concerned about their privacy, and progressive, forward-thinking companies in the US are adopting GDPR despite there being no legal requirements for doing so in the US. However, when some of your customers are based in Europe, or you just care about your company’s image when it comes to privacy, it can make a lot of sense to get in alignment with the regulations. All the discussion around informed consent, and keeping users aware of how their data is being collected, aggregated, and shared, has got us thinking about the what role event-driven architecture applied to GDPR might play. An event-driven approach to delivering APIs is all about identifying the most meaningful events occurring via an API platform, and in the case of GDPR, this could be ALL events occurring across end-users data. So anytime a user’s personal data is read, updated, or deleted, an event can be triggered. Then users can be alerted using webhooks, or via real-time streaming enabled via their web or mobile device(s).
Event-driven architecture in service of GDPR makes a lot of sense. If we are truly talking about keeping users informed, the helping them understand how they can tune into, and subscribe to events in real-time, or access a history of events via their profile can make a significant impact. Often times our customers are investing in event-driven solutions because they need to reduce the load on the servers, and are looking to push relevant events to demanding clients. However, in this case, the need driving this implementation is more about keeping end-user aware and informed about ALL account activity, while secondarily satisfying regulatory obligations in Europe, or just satisfying them because it is the right thing to do.
We are continuing to explore how APIs can be leveraged to support GDPR. We feel pretty strongly that web APIs, streaming APIs, and event-driven architecture can help better meet the needs of end users, as well as those of platforms interested in complying with GDPR. Similar to other API related regulation, we are continuing to interpret GDPR, as well as track European and US companies who are being vocal about their support of GDPR. While protecting the privacy of end-users is the most important goal of GDPR, we also feel there are secondary benefits that help companies make better sense of the data they are collecting, aggregating, storing, and making available–which is what Streamdata.io is all about.