They had microservices, a data lake, and Grafana dashboards for everything. They didn’t have an answer to “where does this customer’s data live?”
Imagine a fintech company gets a GDPR deletion request on a Tuesday. One line: “Please delete all my data.”
They’ve got everything you’d expect. Observability dashboards. Incident runbooks. A platform team. Grafana alerts for latency spikes. The works.
None of it helps. By Wednesday, three teams are arguing about who owns the customer record. Payments has it. So does analytics. And marketing. And a legacy PostgreSQL instance that two people know exists.
Six weeks and 40 tables later, they’ve missed the 30-day deadline. Giant fine.
The fix takes two days. Lineage mapping and a deletion runbook.
Here’s what I tell clients now: run the drill before a regulator does. Pick one customer. Trace their data across every service. Time yourself. If it takes more than an hour, you don’t have a tooling gap - you have a governance gap. And a deletion request is the cheapest way to find it.
Most teams could map this in two days if someone just started. The blocker is usually not technical. It’s that nobody wants to own the answer.
Walk me through how your team would handle a deletion request today - I’m genuinely curious how different orgs approach this.