Two rules that can't both be true
Event sourcing has one rule: you never delete. You append. The log is the source of truth, and rewriting history is the cardinal sin.
GDPR Article 17 has one rule too: when a user asks, you erase their personal data. Not "hide it," not "flag it deleted" — erase it, everywhere, including backups.
Put an event-sourced system in front of a privacy regulator and those two rules collide head-on. The user's name, email, and address are baked into CustomerRegistered, AddressChanged, OrderPlaced — dozens of immutable events, replicated to read models, snapshotted, and sitting in every nightly backup you've ever taken.
"Just delete the events" breaks event sourcing. "Never delete" breaks the law. Most teams discover this tension after they've committed to append-only.
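As an added illustration that is not part of the original article, the sketch below uses a constructed log with the three event types named above. It shows how far one customer's personal data spreads and what "just delete the events" does to a replayed projection. The event schema, the PII field list and all function names are assumptions.

```python
# Constructed sample log; the schema and values are assumptions, not the article's.
EVENTS = [
    {"seq": 1, "type": "CustomerRegistered", "customer_id": "c-1",
     "data": {"name": "Ada Example", "email": "ada@example.test"}},
    {"seq": 2, "type": "CustomerRegistered", "customer_id": "c-2",
     "data": {"name": "Bob Sample", "email": "bob@example.test"}},
    {"seq": 3, "type": "AddressChanged", "customer_id": "c-1",
     "data": {"address": "1 Constructed Way"}},
    {"seq": 4, "type": "OrderPlaced", "customer_id": "c-1",
     "data": {"order_id": "o-1", "total": 40, "ship_to": "1 Constructed Way"}},
    {"seq": 5, "type": "OrderPlaced", "customer_id": "c-2",
     "data": {"order_id": "o-2", "total": 25, "ship_to": "2 Sample Road"}},
]
PII_FIELDS = {"name", "email", "address", "ship_to"}  # assumed classification

def pii_inventory(events, customer_id):
    """List every (seq, type, field) where the subject's personal data is stored."""
    return [(e["seq"], e["type"], f)
            for e in events if e["customer_id"] == customer_id
            for f in sorted(e["data"]) if f in PII_FIELDS]

def project(events):
    """Rebuild two read models (customer profiles, total revenue) by replay."""
    customers, revenue = {}, 0
    for e in events:
        if e["type"] == "CustomerRegistered":
            customers[e["customer_id"]] = dict(e["data"])
        elif e["type"] == "AddressChanged":
            customers[e["customer_id"]].update(e["data"])
        elif e["type"] == "OrderPlaced":
            revenue += e["data"]["total"]
    return customers, revenue

def naive_erase(events, customer_id):
    """'Just delete the events': drop every event that belongs to the subject."""
    return [e for e in events if e["customer_id"] != customer_id]

def sequence_gaps(events):
    """Sequence numbers missing from the log, i.e. visible holes in history."""
    seen = {e["seq"] for e in events}
    return [n for n in range(1, max(seen) + 1) if n not in seen]

if __name__ == "__main__":
    stale_profiles, revenue_before = project(EVENTS)  # read model built earlier
    erased_log = naive_erase(EVENTS, "c-1")
    print("PII locations for c-1:", pii_inventory(EVENTS, "c-1"))
    print("revenue before/after:", revenue_before, project(erased_log)[1])
    print("holes in the log:", sequence_gaps(erased_log))
    print("stale read model still holds:", stale_profiles["c-1"])
```

Deleting the events changes a business figure that had nothing to do with the request (revenue), leaves holes in the sequence, and still does not touch the read model that was projected before the deletion.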
