[mftrhu]

Yes. You should have a system for tracking every single dataset containing personal data: that data does not belong to you. You are just its steward.

You should have had such a system even before GDPR came into existence, but after it did? Your organization's lack of organization is not the legislator's problem.

[whimsicalism]

I am describing a higher level of compliance than like 95% of shops that have data do in practice

Even this website you are commenting on isn’t GDPR compliant lol, they won’t delete your text if you request.

[mftrhu]

It sounds like 95% of shops - of shops you know well enough to have an opinion about - should get their shit together, then. Why should people tolerate their sloppiness?

[Ylpertnodi]

Not deleting texts does not breach gdpr rules.

Gdpr is about personal data, not anonymous (you can always put your real name, if you want) texts. Nor does hn do any tracking.

Try actually looking at the gdpr, easily findable [even using google search] - it's not what you seem to believe it is.