GDPR Engineering in .NET Systems & Azure

GDPR is an engineering specification dressed up as a legal text. The articles people quote in compliance meetings — lawful basis, data subject rights, retention limits, accountability — only become real when somebody writes the code that enforces them. Most of the “GDPR programme” work happening in organisations is policy theatre: cookie banners, privacy notices, a quarterly training video. The technical surface where regulators actually look — deletion endpoints, consent ledgers, retention jobs, log scrubbing — gets postponed indefinitely.

The collection here treats GDPR as something you build, not something you sign off on. Data Subject Access Request handling means an endpoint that exports every shred of personal data the user touched, across the operational database, analytics warehouse, message queue, cache, and that legacy system everyone forgot. The right to erasure is the same problem inverted: a coordinated, auditable deletion that reaches every store and proves it. Both fall apart the moment your User entity is a 30-column god object with foreign keys spread across half the schema.

Consent is the article that exposes most implementations as fiction. GDPR Article 7 wants granular, withdrawable, evidence-backed consent with a timestamp and a version. A boolean column called IsConsented is not that. ASP.NET Core Identity with a properly modelled consent ledger, middleware that checks current consent on every request, and an audit trail that survives a database restore is closer to what the regulator expects to see.

Retention is where automation pays back the engineering effort. Azure Storage lifecycle rules, Cosmos DB TTL, scheduled cleanup Functions with immutable run logs — none of these are exotic. They are simply the difference between a policy document and provable deletion. The articles here are about building that difference, not documenting around its absence.

Your Privacy Docs Are Fiction: Let's Fix That with .NET CLI Tools

Your Privacy Docs Are Fiction: Let's Fix That with .NET CLI Tools

Spreadsheet-based privacy audits examine yesterday’s system while today’s code deploys undocumented PII. Build .NET CLI tools that discover all personal data, catch expired consents, and verify deletions. Then fail builds when compliance breaks.
Purpose Limitation in API Design: Leaking Data You Shouldn't

Purpose Limitation in API Design: Leaking Data You Shouldn't

Most APIs expose personal data based on database entities, not caller needs. When a password reset endpoint returns a user’s full profile, purchase history, and marketing preferences, that’s purpose drift. This article shows how to restructure ASP.NET Core APIs around caller purposes using resource-based authorization, consent validation, and field-level access control.
"Just Delete the User": Famous Last Words Before the GDPR Audit

"Just Delete the User": Famous Last Words Before the GDPR Audit

Your PM thinks erasure is a quick database DELETE. Three weeks later, you’ve found user data in seventeen places: production DB, analytics warehouse, Redis cache, Elasticsearch, backup tapes, and that legacy system nobody dares touch. “Delete” actually means orchestrating coordinated erasure across distributed systems, maintaining audit trails, notifying third parties, and proving it worked. This guide shows the fatal patterns I’ve seen fail spectacularly, then walks through proper orchestration with Azure Durable Functions, soft-delete with anonymization, verification checks, and immutable audit logs.
Nobody Runs Your Cleanup Script (And Regulators Know It)

Nobody Runs Your Cleanup Script (And Regulators Know It)

“Storage is cheap” — until your data retention strategy becomes evidence in a GDPR lawsuit.

After 15+ years in enterprise software, I’ve seen this pattern in project after project: elaborate wiki documentation, a cleanup script nobody runs, and production databases growing exponentially with personal data that should have been deleted years ago. The compliance checkbox is marked, but the actual deletion never happens.

When regulators investigate, they don’t want your policy documents. They want execution logs proving deletion actually happened. Azure Storage lifecycle policies, Cosmos DB TTL, and scheduled Functions give you exactly that — automated retention that runs without human intervention, with full audit trails.

Cookie Banners Won't Save You From ISO 27701

Cookie Banners Won't Save You From ISO 27701

That boolean column you call “consent”? Regulators will laugh at it.

ISO 27701 demands granular, auditable, expiring consent, not cookie theater. Here’s the complete .NET implementation with Entity Framework Core, middleware validation, and Azure Functions that survives an audit.