[kenbaylor]

Under GDPR, that would be a yes if the key is truly lost, and the personal data is not recoverable by anyone.

If it is recoverable, then it falls into the ominous term: Pseudonymous : https://www.wsgrdataadvisor.com/2015/09/personal-data-anonym...