diff --git a/baseline.xml b/baseline.xml
index 617141b91..0d4322928 100644
--- a/baseline.xml
+++ b/baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.22.2@d768d914152dbbf3486c36398802f74e80cfde48">
+<files psalm-version="5.23.1@8471a896ccea3526b26d082f4461eeea467f10a4">
   <file src="src/Aggregate/AggregateRootBehaviour.php">
     <UnsafeInstantiation>
       <code><![CDATA[new static()]]></code>
@@ -15,6 +15,28 @@
       <code><![CDATA[class DoctrineHelper]]></code>
     </ClassNotFinal>
   </file>
+  <file src="src/Cryptography/Cipher/OpensslCipherKeyFactory.php">
+    <ArgumentTypeCoercion>
+      <code><![CDATA[openssl_random_pseudo_bytes($ivLength)]]></code>
+      <code><![CDATA[openssl_random_pseudo_bytes($this->length)]]></code>
+    </ArgumentTypeCoercion>
+  </file>
+  <file src="src/Cryptography/DefaultEventPayloadCryptographer.php">
+    <MixedArgument>
+      <code><![CDATA[$data[$propertyMetadata->fieldName]]]></code>
+    </MixedArgument>
+    <MixedAssignment>
+      <code><![CDATA[$data[$propertyMetadata->fieldName]]]></code>
+      <code><![CDATA[$data[$propertyMetadata->fieldName]]]></code>
+      <code><![CDATA[$data[$propertyMetadata->fieldName]]]></code>
+    </MixedAssignment>
+  </file>
+  <file src="src/Cryptography/Store/DoctrineCipherKeyStore.php">
+    <ArgumentTypeCoercion>
+      <code><![CDATA[base64_decode($result['crypto_iv'])]]></code>
+      <code><![CDATA[base64_decode($result['crypto_key'])]]></code>
+    </ArgumentTypeCoercion>
+  </file>
   <file src="src/EventBus/AttributeListenerProvider.php">
     <MixedMethodCall>
       <code><![CDATA[$method->getName()]]></code>
@@ -88,12 +110,21 @@
       <code><![CDATA[Closure(Message):void]]></code>
     </MixedReturnTypeCoercion>
   </file>
-  <file src="tests/Benchmark/BasicImplementation/Aggregate/Profile.php">
+  <file src="tests/Benchmark/BasicImplementation/Profile.php">
     <PropertyNotSetInConstructor>
+      <code><![CDATA[$email]]></code>
       <code><![CDATA[$id]]></code>
       <code><![CDATA[$name]]></code>
     </PropertyNotSetInConstructor>
   </file>
+  <file src="tests/Benchmark/PersonalDataBench.php">
+    <MissingConstructor>
+      <code><![CDATA[$bus]]></code>
+      <code><![CDATA[$id]]></code>
+      <code><![CDATA[$repository]]></code>
+      <code><![CDATA[$store]]></code>
+    </MissingConstructor>
+  </file>
   <file src="tests/Benchmark/SimpleSetupBench.php">
     <MissingConstructor>
       <code><![CDATA[$bus]]></code>
@@ -145,6 +176,17 @@
       <code><![CDATA[$name]]></code>
     </PropertyNotSetInConstructor>
   </file>
+  <file src="tests/Integration/PersonalData/PersonalDataTest.php">
+    <MixedArgument>
+      <code><![CDATA[$row['payload']]]></code>
+    </MixedArgument>
+  </file>
+  <file src="tests/Integration/PersonalData/Profile.php">
+    <PropertyNotSetInConstructor>
+      <code><![CDATA[$id]]></code>
+      <code><![CDATA[$name]]></code>
+    </PropertyNotSetInConstructor>
+  </file>
   <file src="tests/Integration/Pipeline/Aggregate/Profile.php">
     <PropertyNotSetInConstructor>
       <code><![CDATA[$id]]></code>
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
index e97903bba..3cec5d190 100644
--- a/phpstan-baseline.neon
+++ b/phpstan-baseline.neon
@@ -5,6 +5,31 @@ parameters:
 			count: 1
 			path: src/Console/DoctrineHelper.php
 
+		-
+			message: "#^Parameter \\#1 \\$key of class Patchlevel\\\\EventSourcing\\\\Cryptography\\\\Cipher\\\\CipherKey constructor expects non\\-empty\\-string, string given\\.$#"
+			count: 1
+			path: src/Cryptography/Cipher/OpensslCipherKeyFactory.php
+
+		-
+			message: "#^Parameter \\#3 \\$iv of class Patchlevel\\\\EventSourcing\\\\Cryptography\\\\Cipher\\\\CipherKey constructor expects non\\-empty\\-string, string given\\.$#"
+			count: 1
+			path: src/Cryptography/Cipher/OpensslCipherKeyFactory.php
+
+		-
+			message: "#^Parameter \\#2 \\$data of method Patchlevel\\\\EventSourcing\\\\Cryptography\\\\Cipher\\\\Cipher\\:\\:decrypt\\(\\) expects string, mixed given\\.$#"
+			count: 1
+			path: src/Cryptography/DefaultEventPayloadCryptographer.php
+
+		-
+			message: "#^Parameter \\#1 \\$key of class Patchlevel\\\\EventSourcing\\\\Cryptography\\\\Cipher\\\\CipherKey constructor expects non\\-empty\\-string, string given\\.$#"
+			count: 1
+			path: src/Cryptography/Store/DoctrineCipherKeyStore.php
+
+		-
+			message: "#^Parameter \\#3 \\$iv of class Patchlevel\\\\EventSourcing\\\\Cryptography\\\\Cipher\\\\CipherKey constructor expects non\\-empty\\-string, string given\\.$#"
+			count: 1
+			path: src/Cryptography/Store/DoctrineCipherKeyStore.php
+
 		-
 			message: "#^Parameter \\#2 \\$data of method Patchlevel\\\\Hydrator\\\\Hydrator\\:\\:hydrate\\(\\) expects array\\<string, mixed\\>, mixed given\\.$#"
 			count: 1
diff --git a/src/Attribute/DataSubjectId.php b/src/Attribute/DataSubjectId.php
new file mode 100644
index 000000000..e41005217
--- /dev/null
+++ b/src/Attribute/DataSubjectId.php
@@ -0,0 +1,12 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Attribute;
+
+use Attribute;
+
+#[Attribute(Attribute::TARGET_PROPERTY)]
+final class DataSubjectId
+{
+}
diff --git a/src/Attribute/PersonalData.php b/src/Attribute/PersonalData.php
new file mode 100644
index 000000000..097ab336f
--- /dev/null
+++ b/src/Attribute/PersonalData.php
@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Attribute;
+
+use Attribute;
+
+#[Attribute(Attribute::TARGET_PROPERTY)]
+final class PersonalData
+{
+    public function __construct(
+        public readonly mixed $fallback = null,
+    ) {
+    }
+}
diff --git a/src/Cryptography/Cipher/Cipher.php b/src/Cryptography/Cipher/Cipher.php
new file mode 100644
index 000000000..71b0329e0
--- /dev/null
+++ b/src/Cryptography/Cipher/Cipher.php
@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+interface Cipher
+{
+    /** @throws EncryptionFailed */
+    public function encrypt(CipherKey $key, mixed $data): string;
+
+    /** @throws DecryptionFailed */
+    public function decrypt(CipherKey $key, string $data): mixed;
+}
diff --git a/src/Cryptography/Cipher/CipherKey.php b/src/Cryptography/Cipher/CipherKey.php
new file mode 100644
index 000000000..b8613860c
--- /dev/null
+++ b/src/Cryptography/Cipher/CipherKey.php
@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+final class CipherKey
+{
+    /**
+     * @param non-empty-string $key
+     * @param non-empty-string $method
+     * @param non-empty-string $iv
+     */
+    public function __construct(
+        public readonly string $key,
+        public readonly string $method,
+        public readonly string $iv,
+    ) {
+    }
+}
diff --git a/src/Cryptography/Cipher/CipherKeyFactory.php b/src/Cryptography/Cipher/CipherKeyFactory.php
new file mode 100644
index 000000000..562979c07
--- /dev/null
+++ b/src/Cryptography/Cipher/CipherKeyFactory.php
@@ -0,0 +1,11 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+interface CipherKeyFactory
+{
+    /** @throws CreateCipherKeyFailed */
+    public function __invoke(): CipherKey;
+}
diff --git a/src/Cryptography/Cipher/CreateCipherKeyFailed.php b/src/Cryptography/Cipher/CreateCipherKeyFailed.php
new file mode 100644
index 000000000..e884c9e09
--- /dev/null
+++ b/src/Cryptography/Cipher/CreateCipherKeyFailed.php
@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+use RuntimeException;
+
+final class CreateCipherKeyFailed extends RuntimeException
+{
+    public function __construct()
+    {
+        parent::__construct('create cipher key failed');
+    }
+}
diff --git a/src/Cryptography/Cipher/DecryptionFailed.php b/src/Cryptography/Cipher/DecryptionFailed.php
new file mode 100644
index 000000000..107a7c300
--- /dev/null
+++ b/src/Cryptography/Cipher/DecryptionFailed.php
@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+use RuntimeException;
+
+final class DecryptionFailed extends RuntimeException
+{
+    public function __construct()
+    {
+        parent::__construct('decryption failed');
+    }
+}
diff --git a/src/Cryptography/Cipher/EncryptionFailed.php b/src/Cryptography/Cipher/EncryptionFailed.php
new file mode 100644
index 000000000..eb1dde6ee
--- /dev/null
+++ b/src/Cryptography/Cipher/EncryptionFailed.php
@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+use RuntimeException;
+
+final class EncryptionFailed extends RuntimeException
+{
+    public function __construct()
+    {
+        parent::__construct('encryption failed');
+    }
+}
diff --git a/src/Cryptography/Cipher/OpensslCipher.php b/src/Cryptography/Cipher/OpensslCipher.php
new file mode 100644
index 000000000..8d2f7723c
--- /dev/null
+++ b/src/Cryptography/Cipher/OpensslCipher.php
@@ -0,0 +1,61 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+use function base64_decode;
+use function base64_encode;
+use function json_decode;
+use function json_encode;
+use function openssl_decrypt;
+use function openssl_encrypt;
+
+use const JSON_THROW_ON_ERROR;
+
+final class OpensslCipher implements Cipher
+{
+    public function encrypt(CipherKey $key, mixed $data): string
+    {
+        $encryptedData = openssl_encrypt(
+            $this->dataEncode($data),
+            $key->method,
+            $key->key,
+            0,
+            $key->iv,
+        );
+
+        if ($encryptedData === false) {
+            throw new EncryptionFailed();
+        }
+
+        return base64_encode($encryptedData);
+    }
+
+    public function decrypt(CipherKey $key, string $data): mixed
+    {
+        $data = openssl_decrypt(
+            base64_decode($data),
+            $key->method,
+            $key->key,
+            0,
+            $key->iv,
+        );
+
+        if ($data === false) {
+            throw new DecryptionFailed();
+        }
+
+        return $this->dataDecode($data);
+    }
+
+    private function dataEncode(mixed $data): string
+    {
+        return json_encode($data, JSON_THROW_ON_ERROR);
+    }
+
+    private function dataDecode(string $data): mixed
+    {
+        return json_decode($data, true, 512, JSON_THROW_ON_ERROR);
+    }
+}
diff --git a/src/Cryptography/Cipher/OpensslCipherKeyFactory.php b/src/Cryptography/Cipher/OpensslCipherKeyFactory.php
new file mode 100644
index 000000000..b2cf2e7cb
--- /dev/null
+++ b/src/Cryptography/Cipher/OpensslCipherKeyFactory.php
@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+use function openssl_cipher_iv_length;
+use function openssl_random_pseudo_bytes;
+
+final class OpensslCipherKeyFactory implements CipherKeyFactory
+{
+    public const DEFAULT_LENGTH = 32;
+
+    public const DEFAULT_METHOD = 'aes128';
+
+    /**
+     * @param positive-int     $length
+     * @param non-empty-string $method
+     */
+    public function __construct(
+        private readonly int $length = self::DEFAULT_LENGTH,
+        private readonly string $method = self::DEFAULT_METHOD,
+    ) {
+    }
+
+    public function __invoke(): CipherKey
+    {
+        $ivLength = openssl_cipher_iv_length($this->method);
+
+        if ($ivLength === false) {
+            throw new CreateCipherKeyFailed();
+        }
+
+        return new CipherKey(
+            openssl_random_pseudo_bytes($this->length),
+            $this->method,
+            openssl_random_pseudo_bytes($ivLength),
+        );
+    }
+}
diff --git a/src/Cryptography/DefaultEventPayloadCryptographer.php b/src/Cryptography/DefaultEventPayloadCryptographer.php
new file mode 100644
index 000000000..6f20ad7ab
--- /dev/null
+++ b/src/Cryptography/DefaultEventPayloadCryptographer.php
@@ -0,0 +1,145 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography;
+
+use Patchlevel\EventSourcing\Cryptography\Cipher\Cipher;
+use Patchlevel\EventSourcing\Cryptography\Cipher\CipherKeyFactory;
+use Patchlevel\EventSourcing\Cryptography\Cipher\DecryptionFailed;
+use Patchlevel\EventSourcing\Cryptography\Cipher\OpensslCipher;
+use Patchlevel\EventSourcing\Cryptography\Cipher\OpensslCipherKeyFactory;
+use Patchlevel\EventSourcing\Cryptography\Store\CipherKeyNotExists;
+use Patchlevel\EventSourcing\Cryptography\Store\CipherKeyStore;
+use Patchlevel\EventSourcing\Metadata\Event\EventMetadataFactory;
+
+use function array_key_exists;
+use function is_string;
+
+final class DefaultEventPayloadCryptographer implements EventPayloadCryptographer
+{
+    public function __construct(
+        private readonly EventMetadataFactory $eventMetadataFactory,
+        private readonly CipherKeyStore $cipherKeyStore,
+        private readonly CipherKeyFactory $cipherKeyFactory,
+        private readonly Cipher $cipher,
+    ) {
+    }
+
+    /**
+     * @param class-string         $class
+     * @param array<string, mixed> $data
+     *
+     * @return array<string, mixed>
+     */
+    public function encrypt(string $class, array $data): array
+    {
+        $subjectId = $this->subjectId($class, $data);
+
+        if ($subjectId === null) {
+            return $data;
+        }
+
+        try {
+            $cipherKey = $this->cipherKeyStore->get($subjectId);
+        } catch (CipherKeyNotExists) {
+            $cipherKey = ($this->cipherKeyFactory)();
+            $this->cipherKeyStore->store($subjectId, $cipherKey);
+        }
+
+        $metadata = $this->eventMetadataFactory->metadata($class);
+
+        foreach ($metadata->propertyMetadata as $propertyMetadata) {
+            if (!$propertyMetadata->isPersonalData) {
+                continue;
+            }
+
+            $data[$propertyMetadata->fieldName] = $this->cipher->encrypt(
+                $cipherKey,
+                $data[$propertyMetadata->fieldName],
+            );
+        }
+
+        return $data;
+    }
+
+    /**
+     * @param class-string         $class
+     * @param array<string, mixed> $data
+     *
+     * @return array<string, mixed>
+     */
+    public function decrypt(string $class, array $data): array
+    {
+        $subjectId = $this->subjectId($class, $data);
+
+        if ($subjectId === null) {
+            return $data;
+        }
+
+        try {
+            $cipherKey = $this->cipherKeyStore->get($subjectId);
+        } catch (CipherKeyNotExists) {
+            $cipherKey = null;
+        }
+
+        $metadata = $this->eventMetadataFactory->metadata($class);
+
+        foreach ($metadata->propertyMetadata as $propertyMetadata) {
+            if (!$propertyMetadata->isPersonalData) {
+                continue;
+            }
+
+            if (!$cipherKey) {
+                $data[$propertyMetadata->fieldName] = $propertyMetadata->personalDataFallback;
+                continue;
+            }
+
+            try {
+                $data[$propertyMetadata->fieldName] = $this->cipher->decrypt(
+                    $cipherKey,
+                    $data[$propertyMetadata->fieldName],
+                );
+            } catch (DecryptionFailed) {
+                $data[$propertyMetadata->fieldName] = $propertyMetadata->personalDataFallback;
+            }
+        }
+
+        return $data;
+    }
+
+    /**
+     * @param class-string         $class
+     * @param array<string, mixed> $data
+     */
+    private function subjectId(string $class, array $data): string|null
+    {
+        $metadata = $this->eventMetadataFactory->metadata($class);
+
+        if ($metadata->dataSubjectIdField === null) {
+            return null;
+        }
+
+        if (!array_key_exists($metadata->dataSubjectIdField, $data)) {
+            throw new MissingSubjectId();
+        }
+
+        $subjectId = $data[$metadata->dataSubjectIdField];
+
+        if (!is_string($subjectId)) {
+            throw new UnsupportedSubjectId($subjectId);
+        }
+
+        return $subjectId;
+    }
+
+    public static function createWithOpenssl(EventMetadataFactory $eventMetadataFactory, CipherKeyStore $cryptoStore): static
+    {
+        return new self(
+            $eventMetadataFactory,
+            $cryptoStore,
+            new OpensslCipherKeyFactory(),
+            new OpensslCipher(),
+        );
+    }
+}
diff --git a/src/Cryptography/EventPayloadCryptographer.php b/src/Cryptography/EventPayloadCryptographer.php
new file mode 100644
index 000000000..ea1aa6569
--- /dev/null
+++ b/src/Cryptography/EventPayloadCryptographer.php
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography;
+
+interface EventPayloadCryptographer
+{
+    /**
+     * @param class-string         $class
+     * @param array<string, mixed> $data
+     *
+     * @return array<string, mixed>
+     */
+    public function encrypt(string $class, array $data): array;
+
+    /**
+     * @param class-string         $class
+     * @param array<string, mixed> $data
+     *
+     * @return array<string, mixed>
+     */
+    public function decrypt(string $class, array $data): array;
+}
diff --git a/src/Cryptography/MissingSubjectId.php b/src/Cryptography/MissingSubjectId.php
new file mode 100644
index 000000000..7ee85d2e1
--- /dev/null
+++ b/src/Cryptography/MissingSubjectId.php
@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography;
+
+use RuntimeException;
+
+final class MissingSubjectId extends RuntimeException
+{
+    public function __construct()
+    {
+        parent::__construct('missing subject id');
+    }
+}
diff --git a/src/Cryptography/Store/CipherKeyNotExists.php b/src/Cryptography/Store/CipherKeyNotExists.php
new file mode 100644
index 000000000..0a0572034
--- /dev/null
+++ b/src/Cryptography/Store/CipherKeyNotExists.php
@@ -0,0 +1,17 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Store;
+
+use RuntimeException;
+
+use function sprintf;
+
+final class CipherKeyNotExists extends RuntimeException
+{
+    public function __construct(string $id)
+    {
+        parent::__construct(sprintf('Cipher key with subject id "%s" not found', $id));
+    }
+}
diff --git a/src/Cryptography/Store/CipherKeyStore.php b/src/Cryptography/Store/CipherKeyStore.php
new file mode 100644
index 000000000..243ac8435
--- /dev/null
+++ b/src/Cryptography/Store/CipherKeyStore.php
@@ -0,0 +1,17 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Store;
+
+use Patchlevel\EventSourcing\Cryptography\Cipher\CipherKey;
+
+interface CipherKeyStore
+{
+    /** @throws CipherKeyNotExists */
+    public function get(string $id): CipherKey;
+
+    public function store(string $id, CipherKey $key): void;
+
+    public function remove(string $id): void;
+}
diff --git a/src/Cryptography/Store/DoctrineCipherKeyStore.php b/src/Cryptography/Store/DoctrineCipherKeyStore.php
new file mode 100644
index 000000000..43c2b0b76
--- /dev/null
+++ b/src/Cryptography/Store/DoctrineCipherKeyStore.php
@@ -0,0 +1,105 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Store;
+
+use Doctrine\DBAL\Connection;
+use Doctrine\DBAL\Schema\Schema;
+use Patchlevel\EventSourcing\Cryptography\Cipher\CipherKey;
+use Patchlevel\EventSourcing\Schema\DoctrineSchemaConfigurator;
+
+use function array_key_exists;
+use function base64_decode;
+use function base64_encode;
+
+/**
+ * @psalm-type Row = array{
+ *     subject_id: non-empty-string,
+ *     crypto_key: non-empty-string,
+ *     crypto_method: non-empty-string,
+ *     crypto_iv: non-empty-string
+ * }
+ */
+final class DoctrineCipherKeyStore implements CipherKeyStore, DoctrineSchemaConfigurator
+{
+    /** @var array<string, CipherKey> */
+    private array $keys = [];
+
+    public function __construct(
+        private readonly Connection $connection,
+        private readonly string $tableName = 'crypto_keys',
+    ) {
+    }
+
+    public function get(string $id): CipherKey
+    {
+        if (array_key_exists($id, $this->keys)) {
+            return $this->keys[$id];
+        }
+
+        /** @var Row|false $result */
+        $result = $this->connection->fetchAssociative(
+            "SELECT * FROM {$this->tableName} WHERE subject_id = :subject_id",
+            ['subject_id' => $id],
+        );
+
+        if ($result === false) {
+            throw new CipherKeyNotExists($id);
+        }
+
+        $this->keys[$id] = new CipherKey(
+            base64_decode($result['crypto_key']),
+            $result['crypto_method'],
+            base64_decode($result['crypto_iv']),
+        );
+
+        return $this->keys[$id];
+    }
+
+    public function store(string $id, CipherKey $key): void
+    {
+        $this->connection->insert($this->tableName, [
+            'subject_id' => $id,
+            'crypto_key' => base64_encode($key->key),
+            'crypto_method' => $key->method,
+            'crypto_iv' => base64_encode($key->iv),
+        ]);
+
+        $this->keys[$id] = $key;
+    }
+
+    public function remove(string $id): void
+    {
+        $this->connection->delete($this->tableName, ['subject_id' => $id]);
+
+        unset($this->keys[$id]);
+    }
+
+    public function configureSchema(Schema $schema, Connection $connection): void
+    {
+        if ($connection !== $this->connection) {
+            return;
+        }
+
+        $table = $schema->createTable($this->tableName);
+        $table->addColumn('subject_id', 'string')
+            ->setNotnull(true)
+            ->setLength(255);
+        $table->addColumn('crypto_key', 'string')
+            ->setNotnull(true)
+            ->setLength(255);
+        $table->addColumn('crypto_method', 'string')
+            ->setNotnull(true)
+            ->setLength(255);
+        $table->addColumn('crypto_iv', 'string')
+            ->setNotnull(true)
+            ->setLength(255);
+        $table->setPrimaryKey(['subject_id']);
+    }
+
+    public function clear(): void
+    {
+        $this->keys = [];
+    }
+}
diff --git a/src/Cryptography/Store/InMemoryCipherKeyStore.php b/src/Cryptography/Store/InMemoryCipherKeyStore.php
new file mode 100644
index 000000000..7bf8c5f3e
--- /dev/null
+++ b/src/Cryptography/Store/InMemoryCipherKeyStore.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Store;
+
+use Patchlevel\EventSourcing\Cryptography\Cipher\CipherKey;
+
+final class InMemoryCipherKeyStore implements CipherKeyStore
+{
+    /** @var array<string, CipherKey> */
+    private array $keys = [];
+
+    public function get(string $id): CipherKey
+    {
+        return $this->keys[$id] ?? throw new CipherKeyNotExists($id);
+    }
+
+    public function store(string $id, CipherKey $key): void
+    {
+        $this->keys[$id] = $key;
+    }
+
+    public function remove(string $id): void
+    {
+        unset($this->keys[$id]);
+    }
+
+    public function clear(): void
+    {
+        $this->keys = [];
+    }
+}
diff --git a/src/Cryptography/UnsupportedSubjectId.php b/src/Cryptography/UnsupportedSubjectId.php
new file mode 100644
index 000000000..ea0d6f8a4
--- /dev/null
+++ b/src/Cryptography/UnsupportedSubjectId.php
@@ -0,0 +1,18 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography;
+
+use RuntimeException;
+
+use function get_debug_type;
+use function sprintf;
+
+final class UnsupportedSubjectId extends RuntimeException
+{
+    public function __construct(mixed $subjectId)
+    {
+        parent::__construct(sprintf('unsupported subject id: should be a string, got %s', get_debug_type($subjectId)));
+    }
+}
diff --git a/src/Metadata/Event/AttributeEventMetadataFactory.php b/src/Metadata/Event/AttributeEventMetadataFactory.php
index 5245fb4ca..82bd25e65 100644
--- a/src/Metadata/Event/AttributeEventMetadataFactory.php
+++ b/src/Metadata/Event/AttributeEventMetadataFactory.php
@@ -4,9 +4,13 @@
 
 namespace Patchlevel\EventSourcing\Metadata\Event;
 
+use Patchlevel\EventSourcing\Attribute\DataSubjectId;
 use Patchlevel\EventSourcing\Attribute\Event;
+use Patchlevel\EventSourcing\Attribute\PersonalData;
 use Patchlevel\EventSourcing\Attribute\SplitStream;
+use Patchlevel\Hydrator\Attribute\NormalizedName;
 use ReflectionClass;
+use ReflectionProperty;
 
 use function array_key_exists;
 use function count;
@@ -31,11 +35,19 @@ public function metadata(string $event): EventMetadata
             throw new ClassIsNotAnEvent($event);
         }
 
+        $propertyMetadata = [];
+
+        foreach ($reflectionClass->getProperties() as $reflectionProperty) {
+            $propertyMetadata[$reflectionProperty->getName()] = $this->propertyMetadata($reflectionProperty);
+        }
+
         $eventAttribute = $attributeReflectionList[0]->newInstance();
 
         $this->eventMetadata[$event] = new EventMetadata(
             $eventAttribute->name,
             $this->splitStream($reflectionClass),
+            $this->subjectIdField($reflectionClass),
+            $propertyMetadata,
         );
 
         return $this->eventMetadata[$event];
@@ -45,4 +57,63 @@ private function splitStream(ReflectionClass $reflectionClass): bool
     {
         return count($reflectionClass->getAttributes(SplitStream::class)) !== 0;
     }
+
+    private function propertyMetadata(ReflectionProperty $reflectionProperty): PropertyMetadata
+    {
+        $attributeReflectionList = $reflectionProperty->getAttributes(PersonalData::class);
+
+        if (!$attributeReflectionList) {
+            return new PropertyMetadata(
+                $reflectionProperty->getName(),
+                $this->fieldName($reflectionProperty),
+            );
+        }
+
+        $attribute = $attributeReflectionList[0]->newInstance();
+
+        return new PropertyMetadata(
+            $reflectionProperty->getName(),
+            $this->fieldName($reflectionProperty),
+            true,
+            $attribute->fallback,
+        );
+    }
+
+    private function subjectIdField(ReflectionClass $reflectionClass): string|null
+    {
+        $property = null;
+
+        foreach ($reflectionClass->getProperties() as $reflectionProperty) {
+            $attributeReflectionList = $reflectionProperty->getAttributes(DataSubjectId::class);
+
+            if (!$attributeReflectionList) {
+                continue;
+            }
+
+            if ($property !== null) {
+                throw new MultipleDataSubjectId($property->getName(), $reflectionProperty->getName());
+            }
+
+            $property = $reflectionProperty;
+        }
+
+        if ($property === null) {
+            return null;
+        }
+
+        return $this->fieldName($property);
+    }
+
+    private function fieldName(ReflectionProperty $reflectionProperty): string
+    {
+        $attributeReflectionList = $reflectionProperty->getAttributes(NormalizedName::class);
+
+        if (!$attributeReflectionList) {
+            return $reflectionProperty->getName();
+        }
+
+        $attribute = $attributeReflectionList[0]->newInstance();
+
+        return $attribute->name();
+    }
 }
diff --git a/src/Metadata/Event/EventMetadata.php b/src/Metadata/Event/EventMetadata.php
index e5064109b..4c2018b59 100644
--- a/src/Metadata/Event/EventMetadata.php
+++ b/src/Metadata/Event/EventMetadata.php
@@ -9,6 +9,9 @@ final class EventMetadata
     public function __construct(
         public readonly string $name,
         public readonly bool $splitStream = false,
+        public readonly string|null $dataSubjectIdField = null,
+        /** @var array<string, PropertyMetadata> */
+        public readonly array $propertyMetadata = [],
     ) {
     }
 }
diff --git a/src/Metadata/Event/MultipleDataSubjectId.php b/src/Metadata/Event/MultipleDataSubjectId.php
new file mode 100644
index 000000000..2df69b180
--- /dev/null
+++ b/src/Metadata/Event/MultipleDataSubjectId.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Metadata\Event;
+
+use Patchlevel\EventSourcing\Metadata\MetadataException;
+
+use function sprintf;
+
+final class MultipleDataSubjectId extends MetadataException
+{
+    public function __construct(string $firstProperty, string $secondProperty)
+    {
+        parent::__construct(
+            sprintf(
+                'Multiple data subject id found: %s and %s',
+                $firstProperty,
+                $secondProperty,
+            ),
+        );
+    }
+}
diff --git a/src/Metadata/Event/PropertyMetadata.php b/src/Metadata/Event/PropertyMetadata.php
new file mode 100644
index 000000000..aefd10ae2
--- /dev/null
+++ b/src/Metadata/Event/PropertyMetadata.php
@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Metadata\Event;
+
+final class PropertyMetadata
+{
+    public function __construct(
+        public readonly string $propertyName,
+        public readonly string $fieldName,
+        public readonly bool $isPersonalData = false,
+        public readonly mixed $personalDataFallback = null,
+    ) {
+    }
+}
diff --git a/src/Serializer/CryptographicHydrator.php b/src/Serializer/CryptographicHydrator.php
new file mode 100644
index 000000000..3841773be
--- /dev/null
+++ b/src/Serializer/CryptographicHydrator.php
@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Serializer;
+
+use Patchlevel\EventSourcing\Cryptography\EventPayloadCryptographer;
+use Patchlevel\Hydrator\Hydrator;
+
+final class CryptographicHydrator implements Hydrator
+{
+    public function __construct(
+        private readonly Hydrator $hydrator,
+        private readonly EventPayloadCryptographer $cryptographer,
+    ) {
+    }
+
+    /**
+     * @param class-string<T>      $class
+     * @param array<string, mixed> $data
+     *
+     * @return T
+     *
+     * @template T of object
+     */
+    public function hydrate(string $class, array $data): object
+    {
+        $data = $this->cryptographer->decrypt($class, $data);
+
+        return $this->hydrator->hydrate($class, $data);
+    }
+
+    /** @return array<string, mixed> */
+    public function extract(object $object): array
+    {
+        $data = $this->hydrator->extract($object);
+
+        return $this->cryptographer->encrypt($object::class, $data);
+    }
+}
diff --git a/src/Serializer/DefaultEventSerializer.php b/src/Serializer/DefaultEventSerializer.php
index a1d3f2a4c..e3e0fdbc8 100644
--- a/src/Serializer/DefaultEventSerializer.php
+++ b/src/Serializer/DefaultEventSerializer.php
@@ -4,6 +4,7 @@
 
 namespace Patchlevel\EventSourcing\Serializer;
 
+use Patchlevel\EventSourcing\Cryptography\EventPayloadCryptographer;
 use Patchlevel\EventSourcing\Metadata\Event\AttributeEventRegistryFactory;
 use Patchlevel\EventSourcing\Metadata\Event\EventRegistry;
 use Patchlevel\EventSourcing\Serializer\Encoder\Encoder;
@@ -53,11 +54,20 @@ public function deserialize(SerializedEvent $data, array $options = []): object
     }
 
     /** @param list<string> $paths */
-    public static function createFromPaths(array $paths, Upcaster|null $upcaster = null): static
-    {
+    public static function createFromPaths(
+        array $paths,
+        Upcaster|null $upcaster = null,
+        EventPayloadCryptographer|null $cryptographer = null,
+    ): static {
+        $hydrator = new MetadataHydrator();
+
+        if ($cryptographer) {
+            $hydrator = new CryptographicHydrator($hydrator, $cryptographer);
+        }
+
         return new self(
             (new AttributeEventRegistryFactory())->create($paths),
-            new MetadataHydrator(),
+            $hydrator,
             new JsonEncoder(),
             $upcaster,
         );
diff --git a/tests/Benchmark/BasicImplementation/Events/EmailChanged.php b/tests/Benchmark/BasicImplementation/Events/EmailChanged.php
new file mode 100644
index 000000000..d0f642cf8
--- /dev/null
+++ b/tests/Benchmark/BasicImplementation/Events/EmailChanged.php
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Events;
+
+use Patchlevel\EventSourcing\Attribute\DataSubjectId;
+use Patchlevel\EventSourcing\Attribute\Event;
+use Patchlevel\EventSourcing\Attribute\PersonalData;
+use Patchlevel\EventSourcing\Serializer\Normalizer\IdNormalizer;
+use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\ProfileId;
+
+#[Event('profile.email_changed')]
+final class EmailChanged
+{
+    public function __construct(
+        #[IdNormalizer]
+        #[DataSubjectId]
+        public ProfileId $profileId,
+        #[PersonalData]
+        public string|null $email,
+    ) {
+    }
+}
diff --git a/tests/Benchmark/BasicImplementation/Events/ProfileCreated.php b/tests/Benchmark/BasicImplementation/Events/ProfileCreated.php
index c031b4459..4b627274f 100644
--- a/tests/Benchmark/BasicImplementation/Events/ProfileCreated.php
+++ b/tests/Benchmark/BasicImplementation/Events/ProfileCreated.php
@@ -4,7 +4,9 @@
 
 namespace Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Events;
 
+use Patchlevel\EventSourcing\Attribute\DataSubjectId;
 use Patchlevel\EventSourcing\Attribute\Event;
+use Patchlevel\EventSourcing\Attribute\PersonalData;
 use Patchlevel\EventSourcing\Serializer\Normalizer\IdNormalizer;
 use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\ProfileId;
 
@@ -13,8 +15,11 @@ final class ProfileCreated
 {
     public function __construct(
         #[IdNormalizer]
+        #[DataSubjectId]
         public ProfileId $profileId,
         public string $name,
+        #[PersonalData]
+        public string|null $email,
     ) {
     }
 }
diff --git a/tests/Benchmark/BasicImplementation/Aggregate/Profile.php b/tests/Benchmark/BasicImplementation/Profile.php
similarity index 73%
rename from tests/Benchmark/BasicImplementation/Aggregate/Profile.php
rename to tests/Benchmark/BasicImplementation/Profile.php
index 4fcf7327f..4e36c52ef 100644
--- a/tests/Benchmark/BasicImplementation/Aggregate/Profile.php
+++ b/tests/Benchmark/BasicImplementation/Profile.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Aggregate;
+namespace Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation;
 
 use Patchlevel\EventSourcing\Aggregate\BasicAggregateRoot;
 use Patchlevel\EventSourcing\Attribute\Aggregate;
@@ -10,10 +10,10 @@
 use Patchlevel\EventSourcing\Attribute\Id;
 use Patchlevel\EventSourcing\Attribute\Snapshot;
 use Patchlevel\EventSourcing\Serializer\Normalizer\IdNormalizer;
+use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Events\EmailChanged;
 use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Events\NameChanged;
 use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Events\ProfileCreated;
 use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Events\Reborn;
-use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\ProfileId;
 
 #[Aggregate('profile')]
 #[Snapshot('default')]
@@ -23,11 +23,12 @@ final class Profile extends BasicAggregateRoot
     #[IdNormalizer]
     private ProfileId $id;
     private string $name;
+    private string|null $email;
 
-    public static function create(ProfileId $id, string $name): self
+    public static function create(ProfileId $id, string $name, string|null $email = null): self
     {
         $self = new self();
-        $self->recordThat(new ProfileCreated($id, $name));
+        $self->recordThat(new ProfileCreated($id, $name, $email));
 
         return $self;
     }
@@ -37,6 +38,11 @@ public function changeName(string $name): void
         $this->recordThat(new NameChanged($name));
     }
 
+    public function changeEmail(string $email): void
+    {
+        $this->recordThat(new EmailChanged($this->id, $email));
+    }
+
     public function reborn(): void
     {
         $this->recordThat(new Reborn(
@@ -50,6 +56,7 @@ protected function applyProfileCreated(ProfileCreated $event): void
     {
         $this->id = $event->profileId;
         $this->name = $event->name;
+        $this->email = $event->email;
     }
 
     #[Apply]
@@ -58,15 +65,27 @@ protected function applyNameChanged(NameChanged $event): void
         $this->name = $event->name;
     }
 
+    #[Apply]
+    protected function applyEmailChanged(EmailChanged $event): void
+    {
+        $this->email = $event->email;
+    }
+
     #[Apply]
     protected function applyReborn(Reborn $event): void
     {
         $this->id = $event->profileId;
         $this->name = $event->name;
+        $this->email = null;
     }
 
     public function name(): string
     {
         return $this->name;
     }
+
+    public function email(): string|null
+    {
+        return $this->email;
+    }
 }
diff --git a/tests/Benchmark/PersonalDataBench.php b/tests/Benchmark/PersonalDataBench.php
new file mode 100644
index 000000000..390dac4cf
--- /dev/null
+++ b/tests/Benchmark/PersonalDataBench.php
@@ -0,0 +1,128 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Tests\Benchmark;
+
+use Patchlevel\EventSourcing\Aggregate\AggregateRootId;
+use Patchlevel\EventSourcing\Cryptography\DefaultEventPayloadCryptographer;
+use Patchlevel\EventSourcing\Cryptography\Store\DoctrineCipherKeyStore;
+use Patchlevel\EventSourcing\EventBus\DefaultEventBus;
+use Patchlevel\EventSourcing\EventBus\EventBus;
+use Patchlevel\EventSourcing\Message\Serializer\DefaultHeadersSerializer;
+use Patchlevel\EventSourcing\Metadata\Event\AttributeEventMetadataFactory;
+use Patchlevel\EventSourcing\Repository\DefaultRepository;
+use Patchlevel\EventSourcing\Repository\Repository;
+use Patchlevel\EventSourcing\Schema\ChainDoctrineSchemaConfigurator;
+use Patchlevel\EventSourcing\Schema\DoctrineSchemaDirector;
+use Patchlevel\EventSourcing\Serializer\DefaultEventSerializer;
+use Patchlevel\EventSourcing\Store\DoctrineDbalStore;
+use Patchlevel\EventSourcing\Store\Store;
+use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Profile;
+use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\ProfileId;
+use Patchlevel\EventSourcing\Tests\DbalManager;
+use PhpBench\Attributes as Bench;
+
+#[Bench\BeforeMethods('setUp')]
+final class PersonalDataBench
+{
+    private Store $store;
+    private EventBus $bus;
+    private Repository $repository;
+
+    private AggregateRootId $id;
+
+    public function setUp(): void
+    {
+        $connection = DbalManager::createConnection();
+
+        $cipherKeyStore = new DoctrineCipherKeyStore($connection);
+
+        $cryptographer = DefaultEventPayloadCryptographer::createWithOpenssl(
+            new AttributeEventMetadataFactory(),
+            $cipherKeyStore,
+        );
+
+        $this->bus = DefaultEventBus::create();
+
+        $this->store = new DoctrineDbalStore(
+            $connection,
+            DefaultEventSerializer::createFromPaths(
+                [__DIR__ . '/BasicImplementation/Events'],
+                cryptographer: $cryptographer,
+            ),
+            DefaultHeadersSerializer::createFromPaths([
+                __DIR__ . '/../../src',
+                __DIR__ . '/BasicImplementation/Events',
+            ]),
+            'eventstore',
+        );
+
+        $this->repository = new DefaultRepository($this->store, $this->bus, Profile::metadata());
+
+        $schemaDirector = new DoctrineSchemaDirector(
+            $connection,
+            new ChainDoctrineSchemaConfigurator([
+                $this->store,
+                $cipherKeyStore,
+            ]),
+        );
+
+        $schemaDirector->create();
+
+        $this->id = ProfileId::v7();
+
+        $profile = Profile::create($this->id, 'Peter', 'info@patchlevel.de');
+
+        for ($i = 0; $i < 10_000; $i++) {
+            $profile->changeEmail('info@patchlevel.de');
+        }
+
+        $this->repository->save($profile);
+    }
+
+    #[Bench\Revs(10)]
+    public function benchLoad10000Events(): void
+    {
+        $this->repository->load($this->id);
+    }
+
+    #[Bench\Revs(10)]
+    public function benchSave1Event(): void
+    {
+        $profile = Profile::create(ProfileId::v7(), 'Peter', 'info@patchlevel.de');
+        $this->repository->save($profile);
+    }
+
+    #[Bench\Revs(10)]
+    public function benchSave10000Events(): void
+    {
+        $profile = Profile::create(ProfileId::v7(), 'Peter', 'info@patchlevel.de');
+
+        for ($i = 1; $i < 10_000; $i++) {
+            $profile->changeEmail('info@patchlevel.de');
+        }
+
+        $this->repository->save($profile);
+    }
+
+    #[Bench\Revs(1)]
+    public function benchSave10000Aggregates(): void
+    {
+        for ($i = 1; $i < 10_000; $i++) {
+            $profile = Profile::create(ProfileId::v7(), 'Peter', 'info@patchlevel.de');
+            $this->repository->save($profile);
+        }
+    }
+
+    #[Bench\Revs(10)]
+    public function benchSave10000AggregatesTransaction(): void
+    {
+        $this->store->transactional(function (): void {
+            for ($i = 1; $i < 10_000; $i++) {
+                $profile = Profile::create(ProfileId::v7(), 'Peter', 'info@patchlevel.de');
+                $this->repository->save($profile);
+            }
+        });
+    }
+}
diff --git a/tests/Benchmark/SimpleSetupBench.php b/tests/Benchmark/SimpleSetupBench.php
index e6a13c7f5..e6af30560 100644
--- a/tests/Benchmark/SimpleSetupBench.php
+++ b/tests/Benchmark/SimpleSetupBench.php
@@ -14,7 +14,7 @@
 use Patchlevel\EventSourcing\Serializer\DefaultEventSerializer;
 use Patchlevel\EventSourcing\Store\DoctrineDbalStore;
 use Patchlevel\EventSourcing\Store\Store;
-use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Aggregate\Profile;
+use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Profile;
 use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\ProfileId;
 use Patchlevel\EventSourcing\Tests\DbalManager;
 use PhpBench\Attributes as Bench;
diff --git a/tests/Benchmark/SnapshotsBench.php b/tests/Benchmark/SnapshotsBench.php
index a8c898b31..135d36750 100644
--- a/tests/Benchmark/SnapshotsBench.php
+++ b/tests/Benchmark/SnapshotsBench.php
@@ -17,7 +17,7 @@
 use Patchlevel\EventSourcing\Snapshot\SnapshotStore;
 use Patchlevel\EventSourcing\Store\DoctrineDbalStore;
 use Patchlevel\EventSourcing\Store\Store;
-use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Aggregate\Profile;
+use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Profile;
 use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\ProfileId;
 use Patchlevel\EventSourcing\Tests\DbalManager;
 use PhpBench\Attributes as Bench;
diff --git a/tests/Benchmark/SplitStreamBench.php b/tests/Benchmark/SplitStreamBench.php
index c0b1ced5f..c319fd198 100644
--- a/tests/Benchmark/SplitStreamBench.php
+++ b/tests/Benchmark/SplitStreamBench.php
@@ -16,7 +16,7 @@
 use Patchlevel\EventSourcing\Serializer\DefaultEventSerializer;
 use Patchlevel\EventSourcing\Store\DoctrineDbalStore;
 use Patchlevel\EventSourcing\Store\Store;
-use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Aggregate\Profile;
+use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Profile;
 use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\ProfileId;
 use Patchlevel\EventSourcing\Tests\DbalManager;
 use PhpBench\Attributes as Bench;
diff --git a/tests/Benchmark/SubscriptionEngineBench.php b/tests/Benchmark/SubscriptionEngineBench.php
index c30a0567d..cb494de1e 100644
--- a/tests/Benchmark/SubscriptionEngineBench.php
+++ b/tests/Benchmark/SubscriptionEngineBench.php
@@ -19,8 +19,8 @@
 use Patchlevel\EventSourcing\Subscription\Engine\SubscriptionEngine;
 use Patchlevel\EventSourcing\Subscription\Store\DoctrineSubscriptionStore;
 use Patchlevel\EventSourcing\Subscription\Subscriber\MetadataSubscriberAccessorRepository;
-use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Aggregate\Profile;
 use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Processor\SendEmailProcessor;
+use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Profile;
 use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\ProfileId;
 use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Projection\ProfileProjector;
 use Patchlevel\EventSourcing\Tests\DbalManager;
diff --git a/tests/Benchmark/blackfire.php b/tests/Benchmark/blackfire.php
index aa785c9dc..347aa6f8e 100644
--- a/tests/Benchmark/blackfire.php
+++ b/tests/Benchmark/blackfire.php
@@ -10,7 +10,7 @@
 use Patchlevel\EventSourcing\Schema\DoctrineSchemaDirector;
 use Patchlevel\EventSourcing\Serializer\DefaultEventSerializer;
 use Patchlevel\EventSourcing\Store\DoctrineDbalStore;
-use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Aggregate\Profile;
+use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\Profile;
 use Patchlevel\EventSourcing\Tests\Benchmark\BasicImplementation\ProfileId;
 
 require_once __DIR__ . '/../../vendor/autoload.php';
diff --git a/tests/Integration/PersonalData/Events/NameChanged.php b/tests/Integration/PersonalData/Events/NameChanged.php
new file mode 100644
index 000000000..741515412
--- /dev/null
+++ b/tests/Integration/PersonalData/Events/NameChanged.php
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Tests\Integration\PersonalData\Events;
+
+use Patchlevel\EventSourcing\Attribute\DataSubjectId;
+use Patchlevel\EventSourcing\Attribute\Event;
+use Patchlevel\EventSourcing\Attribute\PersonalData;
+use Patchlevel\EventSourcing\Serializer\Normalizer\IdNormalizer;
+use Patchlevel\EventSourcing\Tests\Integration\PersonalData\ProfileId;
+
+#[Event('profile.name_changed')]
+final class NameChanged
+{
+    public function __construct(
+        #[DataSubjectId]
+        #[IdNormalizer]
+        public readonly ProfileId $aggregateId,
+        #[PersonalData(fallback: 'unknown')]
+        public readonly string $name,
+    ) {
+    }
+}
diff --git a/tests/Integration/PersonalData/Events/PersonalDataRemoved.php b/tests/Integration/PersonalData/Events/PersonalDataRemoved.php
new file mode 100644
index 000000000..d918dcc5c
--- /dev/null
+++ b/tests/Integration/PersonalData/Events/PersonalDataRemoved.php
@@ -0,0 +1,12 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Tests\Integration\PersonalData\Events;
+
+use Patchlevel\EventSourcing\Attribute\Event;
+
+#[Event('profile.personal_data_removed')]
+final class PersonalDataRemoved
+{
+}
diff --git a/tests/Integration/PersonalData/Events/ProfileCreated.php b/tests/Integration/PersonalData/Events/ProfileCreated.php
new file mode 100644
index 000000000..1fe47528f
--- /dev/null
+++ b/tests/Integration/PersonalData/Events/ProfileCreated.php
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Tests\Integration\PersonalData\Events;
+
+use Patchlevel\EventSourcing\Attribute\DataSubjectId;
+use Patchlevel\EventSourcing\Attribute\Event;
+use Patchlevel\EventSourcing\Attribute\PersonalData;
+use Patchlevel\EventSourcing\Serializer\Normalizer\IdNormalizer;
+use Patchlevel\EventSourcing\Tests\Integration\PersonalData\ProfileId;
+
+#[Event('profile.created')]
+final class ProfileCreated
+{
+    public function __construct(
+        #[IdNormalizer]
+        #[DataSubjectId]
+        public ProfileId $profileId,
+        #[PersonalData(fallback: 'unknown')]
+        public string $name,
+    ) {
+    }
+}
diff --git a/tests/Integration/PersonalData/PersonalDataTest.php b/tests/Integration/PersonalData/PersonalDataTest.php
new file mode 100644
index 000000000..68d4ef347
--- /dev/null
+++ b/tests/Integration/PersonalData/PersonalDataTest.php
@@ -0,0 +1,188 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Tests\Integration\PersonalData;
+
+use Doctrine\DBAL\Connection;
+use Patchlevel\EventSourcing\Cryptography\DefaultEventPayloadCryptographer;
+use Patchlevel\EventSourcing\Cryptography\Store\DoctrineCipherKeyStore;
+use Patchlevel\EventSourcing\EventBus\DefaultEventBus;
+use Patchlevel\EventSourcing\Message\Serializer\DefaultHeadersSerializer;
+use Patchlevel\EventSourcing\Metadata\AggregateRoot\AggregateRootRegistry;
+use Patchlevel\EventSourcing\Metadata\Event\AttributeEventMetadataFactory;
+use Patchlevel\EventSourcing\Repository\DefaultRepositoryManager;
+use Patchlevel\EventSourcing\Schema\ChainDoctrineSchemaConfigurator;
+use Patchlevel\EventSourcing\Schema\DoctrineSchemaDirector;
+use Patchlevel\EventSourcing\Serializer\DefaultEventSerializer;
+use Patchlevel\EventSourcing\Store\DoctrineDbalStore;
+use Patchlevel\EventSourcing\Subscription\Engine\DefaultSubscriptionEngine;
+use Patchlevel\EventSourcing\Subscription\Store\DoctrineSubscriptionStore;
+use Patchlevel\EventSourcing\Subscription\Subscriber\MetadataSubscriberAccessorRepository;
+use Patchlevel\EventSourcing\Tests\DbalManager;
+use Patchlevel\EventSourcing\Tests\Integration\PersonalData\Processor\DeletePersonalDataProcessor;
+use PHPUnit\Framework\TestCase;
+
+/** @coversNothing */
+final class PersonalDataTest extends TestCase
+{
+    private Connection $connection;
+
+    public function setUp(): void
+    {
+        $this->connection = DbalManager::createConnection();
+    }
+
+    public function tearDown(): void
+    {
+        $this->connection->close();
+    }
+
+    public function testSuccessful(): void
+    {
+        $cipherKeyStore = new DoctrineCipherKeyStore($this->connection);
+
+        $cryptographer = DefaultEventPayloadCryptographer::createWithOpenssl(
+            new AttributeEventMetadataFactory(),
+            $cipherKeyStore,
+        );
+
+        $store = new DoctrineDbalStore(
+            $this->connection,
+            DefaultEventSerializer::createFromPaths([__DIR__ . '/Events'], cryptographer: $cryptographer),
+            DefaultHeadersSerializer::createFromPaths([
+                __DIR__ . '/../../../src',
+                __DIR__,
+            ]),
+            'eventstore',
+        );
+
+        $eventBus = DefaultEventBus::create();
+
+        $manager = new DefaultRepositoryManager(
+            new AggregateRootRegistry(['profile' => Profile::class]),
+            $store,
+            $eventBus,
+        );
+
+        $repository = $manager->get(Profile::class);
+
+        $schemaDirector = new DoctrineSchemaDirector(
+            $this->connection,
+            new ChainDoctrineSchemaConfigurator([
+                $store,
+                $cipherKeyStore,
+            ]),
+        );
+
+        $schemaDirector->create();
+
+        $profileId = ProfileId::fromString('1');
+        $profile = Profile::create($profileId, 'John');
+
+        $repository->save($profile);
+
+        $profile = $repository->load($profileId);
+
+        self::assertInstanceOf(Profile::class, $profile);
+        self::assertEquals($profileId, $profile->aggregateRootId());
+        self::assertSame(1, $profile->playhead());
+        self::assertSame('John', $profile->name());
+
+        $result = $this->connection->fetchAllAssociative('SELECT * FROM eventstore');
+
+        self::assertCount(1, $result);
+        self::assertArrayHasKey(0, $result);
+
+        $row = $result[0];
+
+        self::assertStringNotContainsString('John', $row['payload']);
+    }
+
+    public function testRemoveKey(): void
+    {
+        $cipherKeyStore = new DoctrineCipherKeyStore($this->connection);
+
+        $cryptographer = DefaultEventPayloadCryptographer::createWithOpenssl(
+            new AttributeEventMetadataFactory(),
+            $cipherKeyStore,
+        );
+
+        $subscriptionStore = new DoctrineSubscriptionStore(
+            $this->connection,
+        );
+
+        $store = new DoctrineDbalStore(
+            $this->connection,
+            DefaultEventSerializer::createFromPaths([__DIR__ . '/Events'], cryptographer: $cryptographer),
+            DefaultHeadersSerializer::createFromPaths([
+                __DIR__ . '/../../../src',
+                __DIR__,
+            ]),
+            'eventstore',
+        );
+
+        $eventBus = DefaultEventBus::create();
+
+        $manager = new DefaultRepositoryManager(
+            new AggregateRootRegistry(['profile' => Profile::class]),
+            $store,
+            $eventBus,
+        );
+
+        $repository = $manager->get(Profile::class);
+
+        $schemaDirector = new DoctrineSchemaDirector(
+            $this->connection,
+            new ChainDoctrineSchemaConfigurator([
+                $store,
+                $cipherKeyStore,
+                $subscriptionStore,
+            ]),
+        );
+
+        $schemaDirector->create();
+
+        $engine = new DefaultSubscriptionEngine(
+            $store,
+            $subscriptionStore,
+            new MetadataSubscriberAccessorRepository([new DeletePersonalDataProcessor($cipherKeyStore)]),
+        );
+
+        $engine->setup(skipBooting: true);
+
+        $profileId = ProfileId::fromString('1');
+        $profile = Profile::create($profileId, 'John');
+
+        $repository->save($profile);
+        $engine->run();
+
+        $profile = $repository->load($profileId);
+
+        self::assertInstanceOf(Profile::class, $profile);
+        self::assertEquals($profileId, $profile->aggregateRootId());
+        self::assertSame(1, $profile->playhead());
+        self::assertSame('John', $profile->name());
+
+        $profile->removePersonalData();
+        $repository->save($profile);
+        $engine->run();
+
+        $profile = $repository->load($profileId);
+
+        self::assertInstanceOf(Profile::class, $profile);
+        self::assertEquals($profileId, $profile->aggregateRootId());
+        self::assertSame(2, $profile->playhead());
+        self::assertSame('unknown', $profile->name());
+
+        $profile->changeName('hallo');
+        $repository->save($profile);
+
+        $profile = $repository->load($profileId);
+
+        self::assertInstanceOf(Profile::class, $profile);
+        self::assertEquals($profileId, $profile->aggregateRootId());
+        self::assertSame(3, $profile->playhead());
+        self::assertSame('hallo', $profile->name());
+    }
+}
diff --git a/tests/Integration/PersonalData/Processor/DeletePersonalDataProcessor.php b/tests/Integration/PersonalData/Processor/DeletePersonalDataProcessor.php
new file mode 100644
index 000000000..6b661a5c1
--- /dev/null
+++ b/tests/Integration/PersonalData/Processor/DeletePersonalDataProcessor.php
@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Tests\Integration\PersonalData\Processor;
+
+use Patchlevel\EventSourcing\Aggregate\AggregateHeader;
+use Patchlevel\EventSourcing\Attribute\Processor;
+use Patchlevel\EventSourcing\Attribute\Subscribe;
+use Patchlevel\EventSourcing\Cryptography\Store\CipherKeyStore;
+use Patchlevel\EventSourcing\Message\Message;
+use Patchlevel\EventSourcing\Tests\Integration\PersonalData\Events\PersonalDataRemoved;
+
+#[Processor('delete_personal_data')]
+final class DeletePersonalDataProcessor
+{
+    public function __construct(
+        private readonly CipherKeyStore $cipherKeyStore,
+    ) {
+    }
+
+    #[Subscribe(PersonalDataRemoved::class)]
+    public function handleProfileCreated(Message $message): void
+    {
+        $aggregateId = $message->header(AggregateHeader::class)->aggregateId;
+
+        $this->cipherKeyStore->remove($aggregateId);
+    }
+}
diff --git a/tests/Integration/PersonalData/Profile.php b/tests/Integration/PersonalData/Profile.php
new file mode 100644
index 000000000..f3d8905b5
--- /dev/null
+++ b/tests/Integration/PersonalData/Profile.php
@@ -0,0 +1,68 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Tests\Integration\PersonalData;
+
+use Patchlevel\EventSourcing\Aggregate\BasicAggregateRoot;
+use Patchlevel\EventSourcing\Attribute\Aggregate;
+use Patchlevel\EventSourcing\Attribute\Apply;
+use Patchlevel\EventSourcing\Attribute\Id;
+use Patchlevel\EventSourcing\Attribute\Snapshot;
+use Patchlevel\EventSourcing\Serializer\Normalizer\IdNormalizer;
+use Patchlevel\EventSourcing\Tests\Integration\PersonalData\Events\NameChanged;
+use Patchlevel\EventSourcing\Tests\Integration\PersonalData\Events\PersonalDataRemoved;
+use Patchlevel\EventSourcing\Tests\Integration\PersonalData\Events\ProfileCreated;
+
+#[Aggregate('profile')]
+#[Snapshot('default', 100)]
+final class Profile extends BasicAggregateRoot
+{
+    #[Id]
+    #[IdNormalizer]
+    private ProfileId $id;
+
+    private string $name;
+
+    public static function create(ProfileId $id, string $name): self
+    {
+        $self = new self();
+        $self->recordThat(new ProfileCreated($id, $name));
+
+        return $self;
+    }
+
+    public function removePersonalData(): void
+    {
+        $this->recordThat(new PersonalDataRemoved());
+    }
+
+    public function changeName(string $name): void
+    {
+        $this->recordThat(new NameChanged($this->id, $name));
+    }
+
+    #[Apply(ProfileCreated::class)]
+    protected function applyProfileCreated(ProfileCreated $event): void
+    {
+        $this->id = $event->profileId;
+        $this->name = $event->name;
+    }
+
+    #[Apply(PersonalDataRemoved::class)]
+    protected function applyPersonalDataRemoved(): void
+    {
+        $this->name = 'unknown';
+    }
+
+    #[Apply(NameChanged::class)]
+    protected function applyNameChanged(NameChanged $event): void
+    {
+        $this->name = $event->name;
+    }
+
+    public function name(): string
+    {
+        return $this->name;
+    }
+}
diff --git a/tests/Integration/PersonalData/ProfileId.php b/tests/Integration/PersonalData/ProfileId.php
new file mode 100644
index 000000000..6b2f1f6ff
--- /dev/null
+++ b/tests/Integration/PersonalData/ProfileId.php
@@ -0,0 +1,25 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Tests\Integration\PersonalData;
+
+use Patchlevel\EventSourcing\Aggregate\AggregateRootId;
+
+final class ProfileId implements AggregateRootId
+{
+    private function __construct(
+        private string $id,
+    ) {
+    }
+
+    public static function fromString(string $id): self
+    {
+        return new self($id);
+    }
+
+    public function toString(): string
+    {
+        return $this->id;
+    }
+}