Compliance and Data Retention in Event-Driven Architecture

Cymo 61Back to overview

Information is power, even more so when it comes to doing business. Being able to respond quickly and effectively to changing conditions is essential for success. Luckily, an Event-Driven Architecture (EDA) can help you manage the flow of information and enable real-time decision-making.

However, with great power comes great responsibility. Compliance and data retention are critical components of any EDA, but organisations tend to overlook them. In this blog, we’ll explore the importance of both aspects and discuss strategies for managing these complex issues.

Why are compliance and data retention important?

EDA involves producing, consuming, and managing events that carry valuable business information, so it is key to keep these events stored securely. Compliance ensures that you do this by the rules and helps you avoid fines, while data retention policies will help you determine how long your organisation will store the events.

However, it's not just about avoiding risks and ensuring the data is available when needed. As we'll explain later, it's also about using this data to gain insights. Event-Driven Architecture saves valuable behavioural data as business events on an event hub like Kafka, which you can use for both real-time analysis through monitoring tools and in-depth analysis later.

How does data retention work in an EDA?

If you want your event hub to be compliant, you will have to establish data retention policies. This involves three key steps:

  1. Assign someone who will be accountable, and more importantly, give them the time and resources they need to perform their task well.
  2. Identify the relevant data to be stored, in accordance with privacy rights and other legislation.
  3. Define the rules and ensure that your setup complies with these rules. For example, Kafka has a default retention period of seven days, but unlike a regular service bus it also lets you store data without an expiration date.

There are several strategies for managing data retention in EDA, but they all try to balance the value of retained data against the cost and complexity of storage. The most popular strategies are:

  • Tiered storage: Use various storage options for new and old event data. Store new data in quicker, pricier storage, and move old data to slower, cheaper storage. This will lower costs and let you keep data for future analysis.
  • Compaction and deletion policies: Set policies that automatically remove or compact old events that are not useful anymore. This helps you follow legal and business rules and lowers the risk of data breaches. However, you will have to monitor how these policies run to prevent losing data you still need.
  • Archiving: Transfer data that has a long retention period but is not used often to archival storage systems. Like tiered storage, this helps to lower the expense and difficulty of storage while making sure that the data is accessible when you need it.

Why is data retention important?

As we mentioned earlier, having historical data to supplement your real-time data will help you with more comprehensive insights. Identifying long-term trends and patterns will improve your decision-making, especially when it comes to predictive modelling and improving your processes. For example, one of our clients uses their historical data to enable predictive maintenance on the machines they rent out.

You can also use historical data for simulations, since the data on your event hub is like a digital twin of your organisation. You can mix this historical data with simulated data to assess how important changes such as new facilities, new employees, and new machines will affect your productivity.

A good data retention policy will also help you bounce back from a system failure or data loss more effectively. By ensuring that event data is duplicated and stored for a period of time, you will be able to continue your operations quicker and with less data loss. Managed event hub platforms also offer Active - Active or Active - Passive cluster linking to help with fast recovery, but they are costly and do not ensure data protection.

Are backups important in an EDA?

Definitely. Storing events securely will help you to recreate the state of an entity or application at any moment in time. This is essential for managing complicated business processes, audits, and sometimes for reversing operations. For example, if you receive a customer complaint, you can examine the related previous events, identify the cause and location of the problem, and fix it.

To ensure availability, most event hubs make copies of data, but that includes data that has been unintentionally deleted. That's why you should consider a backup solution that is simple and convenient to use, such asKannika.

These kinds of backups only append data; if the retention policy for backups has been configured properly, Kannika will not remove any data. It also reduces the size of the data, making it affordable to store and easily accessible when you need it.


In conclusion, compliance and data retention are critical components of an Event-Driven Architecture (EDA). They will help you meet legal obligations, protect valuable data, and learn from historical data. With effective compliance and data retention policies, you can weigh the worth of retained data against the cost and complexity of storage, while gaining an edge through real-time decision-making and in-depth analysis.

You can use several strategies to manage data retention, including tiered storage, compaction and deletion policies, and archiving. To ensure availability and handle complex business processes, make sure to look at a solution for back-ups as well.

Need an innovative and flexible solution for back-ups in an Event-Driven Architecture environment?

Try out Kannika today!

Written byKris Van Vlaenderen