Enforcing data retention policies in immutable S3 buckets
We have a GDPR Art. 17 conflict: immutable WORM storage for compliance vs. deletion requests. How do you handle crypto-shredding at scale without breaking audit trails?
In our infrastructure, we hit the exact tension you describe: immutable S3 buckets with lifecycle policies vs. GDPR Art. 17 erasure requests. What worked was a two-layer approach — the bucket stays immutable for compliance, but we cryptographically shred the encryption keys for specific objects when an erasure request comes in. The objects remain in S3 but are cryptographically unrecoverable, which our DPO accepted as equivalent to deletion. The key was getting this documented and approved BEFORE the first erasure deadline.
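The two-layer approach from the answer above, as an added sketch that is not part of the original thread or the poster's code: objects are write-once, each has its own data key, and erasure deletes only the key while a hash-chained audit log records the event. Assumptions: in-memory dicts stand in for the immutable bucket and the key service, an HMAC-SHA256 keystream stands in for AES-GCM, and the class, method, and object names are hypothetical.

```python
import hashlib, hmac, json, secrets

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): stdlib-only keystream, unauthenticated; use AES-GCM via a KMS in production.
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def _chain_hash(rec):
    body = {k: v for k, v in rec.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ShreddableStore:
    def __init__(self):
        self.worm = {}   # object name -> (nonce, ciphertext); write-once
        self.keys = {}   # object name -> data key; the only deletable state
        self.audit = []  # hash-chained events; holds names, never plaintext

    def _log(self, event, name):
        rec = {"event": event, "object": name,
               "prev": self.audit[-1]["hash"] if self.audit else "0" * 64}
        rec["hash"] = _chain_hash(rec)
        self.audit.append(rec)

    def put(self, name, plaintext):
        if name in self.worm:
            raise PermissionError("WORM: object already written")
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        self.worm[name] = (nonce, _xor_stream(key, nonce, plaintext))
        self.keys[name] = key
        self._log("put", name)

    def get(self, name):
        nonce, ct = self.worm[name]
        if name not in self.keys:
            raise LookupError("data key shredded: object is unrecoverable")
        return _xor_stream(self.keys[name], nonce, ct)

    def erase(self, name):
        del self.keys[name]   # crypto-shred; the WORM ciphertext is untouched
        self._log("erase", name)

    def audit_ok(self):
        prev = "0" * 64
        for rec in self.audit:
            if rec["prev"] != prev or rec["hash"] != _chain_hash(rec):
                return False
            prev = rec["hash"]
        return True
```

The audit chain carries only event types and object names, so it stays verifiable after the key is gone; if object names themselves contain personal data, log a keyed hash of the name instead.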