INAL, but... you might want to revisit that code. article 17, right to erasure is about erasure of personal data, not about making non-indentifiable. of course they dont define erase or delete :-)
> I don't see why the law should care in any way about a company populating NULL records.
It cares if the existence of this record still leaks private data. This is why talking about generic "records" here is pretty wrong - actual data is not interchangeable "records" where you can just slap on a generic cargo cult policy and think you're done.
Different use-cases require different data handling. Although, I do agree, for most CRUD cases it's enough to NULL out rows.
It's deleted because all connections (and meta data) has been erased.
In a database, if you null all fields but keep the entries and their inter table relationship intact, you still have identifiable data up to a certain point.
Imagine you have data of specific people and you only have one person per country, having a user and country relationship, if you null a single data of a specific user, you'll still be able to find the user just by analysing to which country that user was connected + some external information.
This is the classical problem of deriving personal data from statistical reports and why data anonymisatiom is so complex.
(edit: typo)