The problem isn't to delete 1 piece of data 1 time. The problem is different people demanding thousand+ rows randomly spread out in your database deleted every day that is the problem.
Look at the cavalier attitude people have with their data until now. Do you really think starting today every one of them is going to start caring and requesting full deletes everywhere?
Maybe a percentage will be better educated, and actually request data deletion here and there, sometimes but I don't thing anything is going to massively change in general customer behavior. The GDPR just gives the means to those who really want to control their data (which were there before, by the way, just not really enforced. Now that there's a number figure to the possible fine, now is everyone paying attention.)
The problem isn't the odd paranoid submitting a delete request once a month, it's when some influential person publicly requests a delete for whatever outrage is going on that day and causes his 10k followers to do the same
You're suggesting that a business should be able ignore the privacy concerns of its users because they're inconvenient. That is decidedly worrying. If a startup can't afford to run ethically then it shouldn't really be in business.
Yeah, this sort of thing is like a pessimistic case for Cassandra and various databases that are designed to model data as an immutable set of facts and to model deletions as retractions or the like.
Apparently it defaults to 10 days for tombstone purging and recommends not going below 5 days. How bad is performance actually going to be at a nice slow several-day compaction rate?
The pessimistic case sounds like trying to remove things within hours.
All I can say is that not everyone's situation is the same. If you have a small forum where a few hundred people post a few dozen messages a day, it obviously won't be a big deal. There are situations where the amount of generated information is much larger than that. Webserver logs are one possible example.
It isn't an impossible problem to solve, but the GDPR is a significant time and a money burden that will especially be an issue for small startups that don't have millions in venture funding to spend on this.
