Implemented GDPR across multiple services to support Amazon Go Launch in EU

The General Data Protection Regulation is a Regulation in EU law on data protection and privacy in the EU and the European Economic Area. As Amazon Go was going to launch in EU, we had to make sure all the services followed all the GDPR regulations.

This project involved looking into the data stored for 9 services and follow all GDPR regulations in those services.

GDPR Regulations on multiple services

A couple of services were storing customer data in different databases including S3 and DynamoDB. This work involved identifying the tables and make sure all the historical data were scrapped and new sensitive data should automatically delete. Since Amazon Go stores were open during these data deletion, we had to make sure none of the core functionalities were affected. Since the services were used by other consumers, we had to make sure that these deletions did not cause any breaking changes in them.

• This work unblocked the launch of first Amazon Go in UK in 2021.
• More than 600 million old records were deleted which resulted in DynamoDB and S3 storage savings across 2 services.

This work involved understanding GDPR regulations and looking into the services to understand the data violations. I wrote scripts which would add a "time to live" to the DynamoDB rows. Significant care was taken so that the high throughput did not cause any slow down of the core functionalities in the services and their consumers.