How would you design GDPR-compliant account deletion in a distributed system?
Reported in Capgemini European engineering loops. EU interviews often test practical privacy engineering and regulatory trade-offs.
Interview scenario
Context for Capgemini candidates:
Your platform stores user data across microservices, analytics systems, and backups. Explain how you would honor GDPR erasure requests while preserving system integrity.
Model answer
Try answering aloud first
Cover trade-offs, structure, and a concrete example before revealing the baseline response.
How to frame this at Capgemini: Connect your answer to measurable impact, clarity of thought, and trade-offs the team cares about. Below is a strong baseline response you can adapt with your own project examples.
Start with a data inventory mapping each data processor and controller responsibility by service. Build a deletion orchestrator that emits an auditable erasure event and tracks per-service completion with retries and dead-letter handling.
Use hard delete for directly identifying fields, tokenization or irreversible anonymization for legally retained records (for tax/fraud obligations), and enforce retention windows in cold storage. Ensure searchable indexes, caches, and data lakes consume the same erasure stream.
Add proof mechanisms: immutable audit log with request ID, legal basis metadata, and SLA monitoring (for example 30 days). This balances compliance, reliability, and operational transparency.
Discussion
Comments (0)
Share how this question came up in your loop, or add tips for others preparing.
Log in to comment on this question.