One of the founding principals of event sourcing is that events are forever, they cannot change or be deleted. You need to keep the entirety of history so that you can derive business value from rebuilding projections or adding new ones to answer new questions or build new features.
In a post GDPR world, this comes into conflict with users being able to assert control over their personal data you are processing. User requests are not the only reason you may need to delete or modify events - a change in requirements may lead to drastic changes in your model and a need to rethink the events in your system.
In this post I’ll explore some of the ways you can manage these situations.