[bduerst]

I mean, if you're storing user information that isn't pertinent to the business with fridge magnets on a slab of metal, and the user asks you to take them down, it's a GDPR violation if you don't remove/scramble said magnets after 30 days.

Method of data storage isn't really specified, but that's why it's General Data Protection Compliance.

[swores]

Yes of course it would cover that hypothetical situation, as I said in my comment, but it would still be ridiculous in general conversation to say "GDPR does require that businesses get consent before using fridge magnets" without specifying "if personal data is involved".