For us, the GDPR requirements have been more around purging PII data when needed. And for that, we have setup a Minion job to perform the purging. I haven't personally run into the requirements you mentioned, although it makes sense to me, which is why I was exploring if more folks need it, perhaps we can open a request for the same.