GDPR Infrastructure Setup
GDPR compliance is not just a legal checkbox — it requires specific infrastructure capabilities: data residency controls, right-to-deletion pipelines, encryption, access logging, and consent management. We implement the technical layer so your application handles personal data correctly.
Data Residency and Sovereignty
GDPR requires that EU personal data stays within approved jurisdictions unless adequate safeguards exist. We configure infrastructure to enforce data residency: AWS regions restricted to eu-west-1 and eu-central-1 via SCPs, database replication only within approved regions, backup storage in EU-only S3 buckets, and CDN configurations that do not cache personal data outside the EU. SCP guardrails prevent accidental resource creation in non-compliant regions.
Right to Deletion Pipeline
Article 17 requires the ability to delete all personal data on request. We build automated deletion pipelines: a deletion API endpoint triggers cascading deletes across databases, search indices, caches, log systems, and backup systems. Soft-delete with a 30-day retention window handles accidental requests. Deletion receipts are generated as proof of compliance. For backups, we implement crypto-shredding — destroying the encryption key renders the backup data unreadable without physically deleting backup files.
Encryption and Pseudonymization
All personal data is encrypted at rest (AES-256 via KMS) and in transit (TLS 1.3). We implement field-level encryption for sensitive attributes (email, phone, address) so database access does not automatically expose PII. Pseudonymization replaces identifiers with tokens for analytics and development environments. Data masking ensures non-production environments never contain real personal data. Encryption key management uses per-tenant keys where feasible for efficient deletion.
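The crypto-shredding of backups described under Right to Deletion Pipeline, combined with the per-tenant keys mentioned above, as an added example (not code from this page or from Anubiz Engineering). The in-memory `TenantKeyStore` is a hypothetical stand-in for a KMS, and the tenant ids and e-mail addresses are constructed sample data.

```javascript
const crypto = require('node:crypto');

// In-memory stand-in for a KMS holding one 256-bit data key per tenant.
// (Hypothetical helper; a real deployment keeps keys in a KMS or HSM.)
class TenantKeyStore {
  constructor() { this.keys = new Map(); }
  create(tenantId) { this.keys.set(tenantId, crypto.randomBytes(32)); }
  get(tenantId) { return this.keys.get(tenantId) || null; }
  // Crypto-shred: zero and drop the key, return a deletion receipt.
  shred(tenantId) {
    const key = this.keys.get(tenantId);
    if (!key) return null;
    key.fill(0);
    this.keys.delete(tenantId);
    return { tenantId, action: 'key-destroyed', at: new Date().toISOString() };
  }
}

// AES-256-GCM per field; the tenant id is bound in as associated data so a
// record cannot be re-labelled as another tenant's and still decrypt.
function encryptField(store, tenantId, plaintext) {
  const key = store.get(tenantId);
  if (!key) throw new Error(`no key for tenant ${tenantId}`);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(tenantId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { tenantId, iv, ct, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the key is gone or the record fails auth.
function decryptField(store, rec) {
  const key = store.get(rec.tenantId);
  if (!key) return null;
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, rec.iv);
    d.setAAD(Buffer.from(rec.tenantId, 'utf8'));
    d.setAuthTag(rec.tag);
    return Buffer.concat([d.update(rec.ct), d.final()]).toString('utf8');
  } catch { return null; }
}

// Constructed sample: an immutable "backup" taken before the erasure request.
function demo() {
  const store = new TenantKeyStore();
  ['tenant-a', 'tenant-b'].forEach((t) => store.create(t));
  const backup = Object.freeze([
    encryptField(store, 'tenant-a', 'alice@example.com'),
    encryptField(store, 'tenant-b', 'bob@example.com'),
  ]);
  const receipt = store.shred('tenant-a');
  return { receipt, restored: backup.map((r) => decryptField(store, r)) };
}
```

The backup array is never modified: after the key for `tenant-a` is destroyed, restoring it yields nothing for that tenant while `tenant-b` still decrypts. This only holds if no copy of the key survives elsewhere, for example in a key export or a backup of the key store itself.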
Access Logging and Data Processing Records
GDPR Article 30 requires records of processing activities. We implement technical controls that generate these records automatically: application-level audit logs track who accessed what personal data and why, database query logging captures data access patterns, and API access logs record third-party data sharing. Data processing records are generated from infrastructure metadata — not maintained manually in spreadsheets that go stale immediately.
Why Anubiz Engineering