[tscs37]

Keep a log of deleted users and re-delete upon restore.

The GDPR contains exceptions for data storage for which it is infeasible or outside reasonable effort to delete individual records or you have legal compliances to uphold.

[jgeraert]

Isn't the log of deleted users subject to the GDPR then?

[hobofan]

You can make a log of deleted users without it containing personally identifiable information, by just storing the IDs.

[zaarn]

No since the GDPR exempts things you need for legal compliance, thus a list of users who have asked to be deleted is fine if it's being used to ensure compliance.