The GDPR does force anyone who stores user data to delete it upon request.
However, IIRC, there is not much of a requirement of having a dedicated form of it. An email is sufficient notification you want this to happen (and you're of course free to ensure the user's identity).
After that they have to delete all data and take note of the deleted datasets so in case of a backup recovery the data will stay deleted.
However, IIRC, there is not much of a requirement of having a dedicated form of it. An email is sufficient notification you want this to happen (and you're of course free to ensure the user's identity).
After that they have to delete all data and take note of the deleted datasets so in case of a backup recovery the data will stay deleted.