[tibiahurried]

In event sourced systems, where the state of an application is stored as a sequence of immutable events, one way of solving the "delete" problem (e.g: GDPR) is to have all the events encrypted to begin with. The deletion (without performing a rewriting of the events) can be considered executed by simply "deleting" the key used to decrypt the events.

The information is not deleted per se, but it is not usable anymore. Now, if you have access to new means that allow you to break the encryption, then yeah it could be a problem.