
From a GDPR perspective, it also covers logs, internal training data etc. If a user requires to be deleted, you have to delete everything, there can be no trace of their existence.


> If a user requires to be deleted, you have to delete everything, there can be no trace of their existence.

False. Transaction data must be kept for legal reasons and deletion requests do not apply to it.


Yep, that might be true for certain industries.

But logs don't count as the transactional data that needs to be kept for legal reasons.


That depends entirely on what they're logging and why.


There are always time limits that apply, which means you need to have a process to delete the relevant log entries (or the whole log) eventually.



Under GDPR, from the legal trainings I've had, logs aren't covered if you apply the technical requirement and costs, etc.


This also depends on if the data was sensitive and your log usage/retention policy, i.e. you can't just say "it's logs" to be able to keep things - you need to show you're only using them as logs.

Addresses are sensitive information and whatever was happening sounds like multi-purpose-consent-necessary data processing and it was years old.


There's a reason many of us across the ocean look at that part of the GDPR like someone decided you could put the feathers back in the pillowcase if you just made it illegal for the feathers to be outside the pillowcase.



