Why this matters
Prevents partial erasure and ensures downstream consistency.
Wrap PII scrubbing and session invalidation in a single DB transaction; publish a gdpr.erased event with subject ID and timestamp after commit.
Prevents partial erasure and ensures downstream consistency.
Side-by-side examples engineers can pattern-match during review.
db.Exec("DELETE FROM users WHERE id=$1", id)
// sessions, files, search not handledtx, _ := db.Begin()
, _ = tx.Exec("UPDATE users SET email=NULL, name=NULL WHERE id=$1", id)
_, _ = tx.Exec("DELETE FROM sessions WHERE user_id=$1", id)
_ = tx.Commit()
publish("gdpr.erased", map[string]any{"user_id": id, "at": time.Now()})tx, _ := db.Begin(); / scrub PII / tx.Commit()db.Exec("DELETE FROM users WHERE id=$1", id)From the same buckets as this rule.