After responding in this thread I ventured a little further into what GDPR would look like within the apps I am building and OMG the ability to comply could be horrendously challenging.
For example, some of my apps use Datomic, which contains both an append only log file for data storage as well as bulk storage data facilities provided by 3rd party db systems. And that doesn't even take into consideration indexes. So deleting user data would be a non-trivial exercise.
Simply put: modern day data system architectures have grown in complexity to the degree that you simply just can not push a button and remove user data anymore.
Here's some further discussion if anyone is interested.
P.S. I realize I'm kinda hijacking this thread, and this has nothing to do with Arc anymore, but thought that hjek might be interested (or maybe not lol).