
Data privacy and compliance (GDPR) in HLD - Architecture Diagram

System Overview - Data privacy and compliance (GDPR)

This system ensures that user data is handled according to GDPR rules. It manages user consent, data access, and deletion requests while protecting privacy. The system also logs all data processing activities for compliance audits.

Architecture Diagram
User
  |
  v
Load Balancer
  |
  v
API Gateway
  |
  +--------------------+--------------------+
  |                    |                    |
Consent Service    Data Processing Service     Audit Logging Service
  |                    |                    |
  v                    v                    v
Consent DB         Encrypted DB         Audit DB
  |
  v
Cache (for consent status)
Components
User (actor): Person interacting with the system, providing consent and data requests
Load Balancer (load_balancer): Distributes incoming requests evenly to API Gateway instances
API Gateway (api_gateway): Central entry point that routes requests to appropriate services and enforces security
Consent Service (service): Manages user consent records and consent status
Data Processing Service (service): Handles user data operations like access, update, and deletion with encryption
Audit Logging Service (service): Records all data processing activities for compliance auditing
Consent DB (database): Stores user consent information securely
Encrypted DB (database): Stores user personal data encrypted at rest
Audit DB (database): Stores immutable logs of data processing events
Cache (for consent status) (cache): Speeds up consent status checks to reduce latency
Request Flow - 13 Hops
1. User -> Load Balancer
2. Load Balancer -> API Gateway
3. API Gateway -> Cache (for consent status)
4. Cache (for consent status) -> API Gateway
5. API Gateway -> Consent Service
6. Consent Service -> Consent DB
7. Consent Service -> Cache (for consent status)
8. API Gateway -> Data Processing Service
9. Data Processing Service -> Encrypted DB
10. Data Processing Service -> Audit Logging Service
11. Audit Logging Service -> Audit DB
12. API Gateway -> Load Balancer
13. Load Balancer -> User
Failure Scenario
Component Fails: Consent DB
Impact: Consent Service cannot verify or update user consent, blocking data access or updates to comply with GDPR
Mitigation: Use database replication and failover to a standby Consent DB instance; cache consent status to serve recent requests temporarily
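The request flow above (cache lookup, Consent DB lookup, cache refresh, data operation, audit record) and the Consent DB failure scenario can be shown together in one small simulation. The following Python is an added example, not code from the page or from any real product: the class names (ConsentStore, ConsentCache, AuditLog, DataProcessingService), the TTL and grace-window values, and the user records are all constructed for illustration. It makes three choices a practitioner would want to see: consent is checked per purpose; during a Consent DB outage only a recently cached status is served, and a user with no cached status is refused rather than allowed (fail closed); and the audit log is hash-chained so that editing or dropping an entry is detectable. Erasure requests are not consent-gated, since the right to erasure does not depend on consent.

```python
"""Constructed example: consent-gated data requests with cache fallback and a
hash-chained audit log. Names and sample data are assumptions, not a real API."""
import hashlib
import json


class ConsentStoreUnavailable(Exception):
    """Raised when the Consent DB cannot be reached (the failure scenario)."""


class ConsentStore:
    """Stand-in for the Consent DB: user_id -> {purpose: granted?}."""

    def __init__(self, records, available=True):
        self.records = dict(records)
        self.available = available

    def get(self, user_id):
        if not self.available:
            raise ConsentStoreUnavailable(user_id)
        return self.records.get(user_id, {})


class ConsentCache:
    """Consent-status cache with a TTL. Entries older than the TTL are served
    only during a Consent DB outage, and only within an extra grace window."""

    def __init__(self, ttl=300, grace=900):
        self.ttl, self.grace, self._store = ttl, grace, {}

    def get(self, user_id, now, allow_stale=False):
        entry = self._store.get(user_id)
        if entry is None:
            return None
        consents, stored_at = entry
        limit = self.ttl + self.grace if allow_stale else self.ttl
        return consents if now - stored_at <= limit else None

    def put(self, user_id, consents, now):
        self._store[user_id] = (dict(consents), now)


class AuditLog:
    """Append-only log; each entry commits to the previous one via SHA-256,
    so any later edit or deletion makes verify() return False."""

    def __init__(self):
        self.entries = []
        self._prev = "0" * 64

    def record(self, event):
        payload = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((self._prev + payload).encode()).hexdigest()
        self.entries.append({"event": event, "prev": self._prev, "hash": digest})
        self._prev = digest

    def verify(self):
        prev = "0" * 64
        for entry in self.entries:
            payload = json.dumps(entry["event"], sort_keys=True)
            expected = hashlib.sha256((prev + payload).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True


class DataProcessingService:
    """Checks consent for the requested purpose before reading personal data.
    handle() returns (outcome, consent_source)."""

    def __init__(self, store, cache, audit, personal_data):
        self.store, self.cache, self.audit = store, cache, audit
        self.personal_data = dict(personal_data)  # stands in for the Encrypted DB

    def _consent(self, user_id, now):
        fresh = self.cache.get(user_id, now)
        if fresh is not None:
            return fresh, "cache"
        try:
            consents = self.store.get(user_id)
        except ConsentStoreUnavailable:
            stale = self.cache.get(user_id, now, allow_stale=True)
            if stale is not None:
                return stale, "cache-stale"  # degraded: recent status only
            return None, "unavailable"  # fail closed: no consent evidence
        self.cache.put(user_id, consents, now)
        return consents, "db"

    def handle(self, user_id, purpose, action, now):
        source = "n/a"
        if action == "erase":
            # Erasure is a data-subject right and is not gated on consent.
            self.personal_data.pop(user_id, None)
            outcome = "ok"
        else:
            consents, source = self._consent(user_id, now)
            if consents and consents.get(purpose):
                outcome = "ok" if user_id in self.personal_data else "not_found"
            else:
                outcome = "denied"
        self.audit.record({"user": user_id, "purpose": purpose, "action": action,
                           "consent_source": source, "outcome": outcome, "at": now})
        return outcome, source


def run_scenario():
    """Walk the request flow, then take the Consent DB down mid-run."""
    store = ConsentStore({"u1": {"marketing": True}, "u2": {"marketing": False}})
    cache, audit = ConsentCache(ttl=300, grace=900), AuditLog()
    svc = DataProcessingService(store, cache, audit, {"u1": "rec1", "u2": "rec2"})
    results = [svc.handle("u1", "marketing", "access", now=1000),   # from DB
               svc.handle("u1", "marketing", "access", now=1100),   # from cache
               svc.handle("u2", "marketing", "access", now=1100)]   # denied
    store.available = False                                         # outage
    results += [svc.handle("u1", "marketing", "access", now=1500),  # stale cache
                svc.handle("u3", "marketing", "access", now=1500),  # no evidence
                svc.handle("u1", "marketing", "erase", now=1600),   # not gated
                svc.handle("u1", "marketing", "access", now=1700)]  # record gone
    return results, audit
```

Running run_scenario() shows the hops in order: the first request goes to the Consent DB and populates the cache, the second is answered from the cache, and once the store is marked unavailable only users with a recently cached status are served while unknown users are refused. Every call, including the denials, lands in the audit log, and verify() fails as soon as any recorded event is altered.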
Architecture Quiz - 3 Questions
Test your understanding
Which component is responsible for routing user requests to the correct service?
A. Consent Service
B. API Gateway
C. Load Balancer
D. Audit Logging Service
Design Principle
This architecture uses layered services with caching and encryption to ensure GDPR compliance. It separates consent management, data processing, and auditing to maintain clear responsibilities and secure data handling. Caching improves performance while audit logs provide traceability for compliance.