Can you prove it is? Many many things can be personally identifiable given enough resources and associated data, so it's unclear whose burden of proof it is, especially considering sibling comment mentioning a GDPR exception to delete data if it causes sizable damage to a business.