If you post something on the internet, you have done something the whole world can see. Concern for privacy is therefore mandatory in an interconnected world. That is why there are many regulations and acts controlling how a system handles the end user's privacy. GDPR is the latest.
The General Data Protection Regulation is an act enacted by the European Parliament to unify and strengthen the data protection of individuals in the European Union. It will be enforced after 25th May 2018. Systems that run within the European Union, or that provide services to the European Union and require user information, will be forced to comply with these regulations after its enforcement.
Providing capabilities to control data privacy at the code level gives added leverage when designing systems that must comply with data protection regulations. There are ample design patterns for developing a privacy-aware system. But changing an existing system to support new regulations while keeping backward compatibility is a challenging task.
One approach is to use a pseudonym across the system in place of the privacy-sensitive user attribute. The pseudonym hides the underlying real value from anyone who does not hold the exclusive mapping between the two. Keeping the user information in a single location and using the pseudonym throughout the rest of the system allows central user information management and easy erasure of the data. Without the mapping, the pseudonym does not carry any information. Hence traces of the pseudonym (e.g. in log files) will not greatly affect privacy.
As the diagram above shows, a legacy system can be changed to use a pseudonym inside the system boundary with minimal API-level changes. This greatly reduces the complications of providing backward compatibility and eases migration from older versions to newer ones.
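The pseudonym approach and the boundary translation described above, as an added sketch that is not code from the original post: `PseudonymStore`, `LegacyService` and the sample username are hypothetical names, and the in-memory dictionaries stand in for the single location that holds the mapping.

```python
import secrets

class PseudonymStore:
    """Single location holding the real value <-> pseudonym mapping (in-memory here)."""

    def __init__(self):
        self._by_real = {}    # real attribute value -> pseudonym
        self._by_pseudo = {}  # pseudonym -> real attribute value

    def pseudonym_for(self, real_value):
        # Random token, not a hash of the value: a hash could be reversed by
        # guessing likely usernames, a random token carries no information.
        pseudo = self._by_real.get(real_value)
        if pseudo is None:
            pseudo = "u-" + secrets.token_hex(16)
            self._by_real[real_value] = pseudo
            self._by_pseudo[pseudo] = real_value
        return pseudo

    def resolve(self, pseudo):
        # Returns None once the mapping has been erased.
        return self._by_pseudo.get(pseudo)

    def erase(self, real_value):
        # Erasure touches only this store; traces elsewhere keep a dead token.
        pseudo = self._by_real.pop(real_value, None)
        if pseudo is not None:
            del self._by_pseudo[pseudo]
        return pseudo is not None

class LegacyService:
    """Public API still takes the real username; internals see only the pseudonym."""

    def __init__(self, store):
        self.store = store
        self.audit_log = []  # stands in for log files inside the system boundary

    def login(self, username):
        pseudo = self.store.pseudonym_for(username)  # translate at the boundary
        self.audit_log.append(f"login ok user={pseudo}")
        return pseudo

def demo():
    store = PseudonymStore()
    svc = LegacyService(store)
    first = svc.login("alice@example.com")  # constructed sample value
    again = svc.login("alice@example.com")
    leaked = any("alice" in line for line in svc.audit_log)
    store.erase("alice@example.com")
    after = svc.login("alice@example.com")  # re-registration gets a new token
    return first == again, leaked, store.resolve(first), first != after
```

After `erase`, the old log lines still exist but the token in them resolves to nothing, and a returning user is issued a fresh token that cannot be linked to the earlier traces.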