Hacker News
by vertex-four 2953 days ago
If you continue to hold data from EU residents, it’s somewhat likely that the GDPR applies, or that a court will decide it does some way down the line. If you employed a competent lawyer for about an hour they’d ask you why you’re storing that data if you’re never going to use it again, given the risks.
1 comments

Holding the data or not is irrelevant; the tricky part is compliance.

If the GDPR applies to you, you need to hire a DPO based in Europe, as well as having an EU contact that will be responsible for any fees that you incur.

If you did business in the EU but no longer do, do you now have to hire a DPO in the EU and have a local contact responsible for any liabilities?

Managing the data is the easy part.

There’s no obvious reason why you’d have to, provided you delete all data related to EU residents.
You didn't read GDPR. Deleting isn't enough; if GDPR applies to you, you need to follow all the compliance requirements, including hiring people, providing proof of deletion if investigated, etc.