GDPR-Compliant Per-User Encryption for Kafka
Kafka's log is immutable and replicated everywhere; GDPR demands you make a user's data unreachable on request. Per-user DEKs in Postgres, an Avro envelope on the wire, and crypto-shredding gets you both — without ever mutating Kafka.