
We share our effort at introducing GDPR compliance into two modern database systems that are both open source and widely used: Redis, an in-memory NoSQL store, and PostgreSQL, a full-featured RDBMS. This compliance effort is guided by recommendations in the official blogs of these systems. While we intend to introduce GDPR compliance into more database systems and integrate them with GDPRbench, we picked Redis and PostgreSQL as our initial choices because they represent distinct design philosophies and thus provide a level of generality for our findings. You can find more details on code and configuration changes here.

GDPR-Compliant Redis

GDPR-Compliant PostgreSQL

Q1. How do Redis and PostgreSQL perform against GDPR workloads?

We show Redis and PostgreSQL performance against GDPRbench workloads at its default configuration, using 100K records and performing 1K operations (for Redis) and 10K operations (for PostgreSQL).

Redis: 100% correctness, 3.5X space overhead

PostgreSQL: 100% correctness, 5.95X space overhead w/ metadata indices

Q2. What overhead is incurred due to GDPR security features?

We evaluate this effect using the industry-standard Yahoo! Cloud Serving Benchmark. Our results show that Redis experiences significantly higher overhead (5×) compared to PostgreSQL (up to 2×).


Q3. How does an increase in the scale of personal data impact performance?

Consider a scenario where a company acquires new customers, thereby increasing the overall volume of data in the DB while keeping the data of existing customers unchanged. This experiment then measures how Redis and PostgreSQL perform for queries concerning the original set of customers. Results show that neither system scales well for GDPR workloads.

Figures (Redis): GDPR Customer workload; YCSB workload-C

Figures (PostgreSQL): GDPR Customer workload; YCSB workload-C

Real-world implications 

Compliance may result in high performance overheads

Our work demonstrates that while it is straightforward to retrofit Redis and PostgreSQL into GDPR compliance, the resulting performance degradation of 2-5x raises fundamental questions of compliance-efficiency tradeoffs.
