
Feature Request: GDPR-Compliant Soft Delete with Format-Preserving Encryption #367

@a-abdellatif98

Description


Problem

While acts_as_paranoid provides excellent soft delete functionality, it doesn't fully address GDPR's "right to be forgotten" requirements. When users request data deletion under GDPR Article 17, simply marking records as deleted_at isn't sufficient because:

  • Sensitive personal data remains readable in the database
  • Compliance officers can't verify true data deletion
  • Database backups still contain recoverable personal information
  • Regulatory audits may flag readable "deleted" data as non-compliant

Proposed Solution

Integrate Format-Preserving Encryption (FF1) to encrypt sensitive columns during soft delete while maintaining data format and existing functionality.

Benefits

  • True GDPR compliance
  • Maintains data format for legacy systems
  • Builds on existing acts_as_paranoid workflow
  • Optional feature - doesn't affect existing users

Proposed Solution

Basic Usage

class User < ApplicationRecord
  acts_as_paranoid

  # New feature - specify columns to encrypt on soft delete
  paranoid_encrypt :email, :phone_number, :address
  paranoid_encrypt :ssn, :credit_card, mode: :irreversible
end

# Usage remains identical
user = User.find(1)
user.destroy  # Now encrypts sensitive data + sets deleted_at

# All existing scopes work unchanged
User.with_deleted    # Returns all records (encrypted data shows as encrypted)
User.only_deleted    # Returns soft-deleted records
User.without_deleted # Returns active records (default scope)

Advanced Configuration

class User < ApplicationRecord
  acts_as_paranoid

  # Fine-grained control
  paranoid_encrypt :email, :phone,
                   mode: :irreversible,
                   key: ENV['GDPR_ENCRYPTION_KEY'],
                   context: ->(record) { "user_#{record.id}" }
end
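As an added example that is neither acts_as_paranoid code nor the issue author's, here is a plain-Ruby sketch of the `mode: :irreversible` path: replacement characters are derived from HMAC-SHA256 over the key and the per-record context (this is one-way pseudonymisation, not NIST FF1, which is reversible under the key), so a scrubbed row keeps its shape but cannot be decrypted. `ParanoidScrub`, the `User` stand-in class and the key string are assumptions for illustration.

```ruby
require "openssl"
# Added example, not acts_as_paranoid code: an irreversible, format-preserving scrub
# for soft-deleted rows. It is HMAC-based pseudonymisation, not NIST FF1.
module ParanoidScrub
  DIGITS = ("0".."9").to_a
  LOWER  = ("a".."z").to_a
  UPPER  = ("A".."Z").to_a
  # key:     the secret (the proposal reads it from ENV['GDPR_ENCRYPTION_KEY'])
  # context: per-record string, so identical values on two records scrub differently
  def self.scrub(value, key:, context:)
    return value if value.nil? || value.empty?
    stream = keystream(key, context, value.length)
    value.each_char.with_index.map do |ch, i|
      alphabet = case ch
                 when /\d/    then DIGITS
                 when /[a-z]/ then LOWER
                 when /[A-Z]/ then UPPER
                 end
      # Separators such as "@", "-", "." and spaces are kept, so the shape survives.
      alphabet ? alphabet[stream[i] % alphabet.size] : ch
    end.join
  end

  # One byte per character from HMAC-SHA256(key, context || counter). The plaintext
  # never enters the derivation, so only its length and character classes survive.
  def self.keystream(key, context, length)
    bytes = []
    counter = 0
    while bytes.length < length
      bytes.concat(OpenSSL::HMAC.digest("SHA256", key, "#{context}\0#{counter}").bytes)
      counter += 1
    end
    bytes.first(length)
  end
end

# Plain-Ruby stand-in for the proposed destroy hook (no ActiveRecord or acts_as_paranoid).
class User
  attr_reader :id, :email, :phone_number, :deleted_at
  def initialize(id:, email:, phone_number:)
    @id, @email, @phone_number = id, email, phone_number
  end
  def destroy(key:)
    ctx = "user_#{id}"  # mirrors the proposal's context: ->(record) { "user_#{record.id}" }
    @email        = ParanoidScrub.scrub(email, key: key, context: ctx)
    @phone_number = ParanoidScrub.scrub(phone_number, key: key, context: ctx)
    @deleted_at   = Time.now.utc
    self
  end
end
```

What survives a scrub is only the value's shape (length and which positions are digits or letters); that residual leak is inherent to any format-preserving approach and is the trade-off a compliance review should record.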
