Hi!
A little while ago, a potential issue of Elasticsearch (primarilty when used as a primary data store – which you shouldn't do) and the GDPR occured to me.
I recently wrote a blog post about the subject, but the gist of it is that one can't necessarily guarantee deletion of data within 30 days (in accordance with the GDPR) because of how Lucene segment merging works, as well as a myriad of other tetchnical details.
Does Elastic (or the community, for that matter) have any thoughts about this – anything from musings to pratical, technical insights?
I'm aware that Lucene 7.5 is just around the corner, which will make it feasable to be compliant (at least in theory), but I'd really appreciate some different perspectives on the subject.