How to deploy your applications with GDPR compliance using Kubernetes

Hello guys, In this article I am going to explain you the brief about GDPR compliance and what will be strategy to deploy applications all over the globe using regional kubernetes clusters and Database clusters.

What is GDPR?

GDPR stands for General Data Protection Regulation. This means that as soon as any organization is delivering their software products to EU customers then the organization must have their software products according to GDPR compliance. So the personally identified user data must be stored and processed in the respective user’s country/region. The goal of GDPR is to ensure that your data is treated as private. Not only it should be protected, but it also must live geographically in a location where it can’t be stolen. For more details click here.

Implementation

As GDPR states that if enterprises have to store any personally identified data the they must have to store and process it in that country/region only. To fulfill this purpose enterprises have to deploy their applications with dedicated Databases in the user's region. Dedicated regional databases will ensure that the user's data is stored in his region only.

1. Go with microservices architecture so you can decide which microservice is going to deploy regionally and which one is globally. For Eg. In any web application users are globally unique so you can have globally deployed microservices for user creation and authentication. (Note - Do take user’s personally identified data while creating user accounts.)
2. Create Kubernetes clusters in the user's region and the dedicated database. For High availability, you can have multiple Kubernetes clusters in the same region but in different availability zones. Then Create front-facing load balancer for all Kubernetes clusters in each region so you will have unique URL’s for your services according to region. By using Kubernetes you can easily scale up your microservices which is having more traffic.
3. Use CICD pipelines or deployment automation tools in such a way that docker images used for microservices will build once and release many times according to deployment strategy. So you may end up with a build pipeline and release pipeline which will decide when and where to release a new build. By this kind of pipeline you can follow a canary deployment strategy (a pattern for rolling out releases to a subset of users or servers)

So these are my thoughts on GDPR compliance application deployments. Please feel free to add your opinions in the comments.