What about deleting data in backups for an EU resident who submitted a request for data deletion? If a company is using mysqldump or equivalent it seems difficult to just drop certain records from those .sql files.
Have a reasonable retention policy on these backups. Backups are a "legitimate business interest" and you don't need to purge "right to be forgotten" requests from your backups if you stick to a reasonable and publicly-documented retention policy. This is advice that I've received from counsel. However, I am not a lawyer, and this in no way should be taken as legal advice.
Of course. For us, it came down to cost. EU customers make up <1% of our revenue. Implementing this non trivial feature didn’t make sense for us financially. So, we decided to drop all EU customers entirely.
