They can delete the data. But then how they prove that user do something illegal? Should we trust words of every multi-billion corporation blindly?So guess what, if they were to do data erasure according to GDPR, all they have to do is delete all info about the USER. The console data will stay. I mean, without the user info in the system, they no longer have a way to identify who used the console, all is in accordance with GDPR this way, while your cert stays banned.
Thats the question.