Now that GDPR is active, thoughts turn to how to handle the practical issues that will occur as a result of the new regulation. GDPR Article 17 allows individuals to request an organization to erase their personal data. We can find the information with content searches (perhaps imperfectly), but what are the practical steps to take to process an erasure request against Office 365 data? As it turns out, the answer is not straightforward. In fact, it's pretty hard and probably needs a lot of manual processing. https://www.petri.com/gdpr-right-erasure-requests-office-365.
Yeah the broad statement that is GDPR is going to be a complete nightmare if they expect what they expect, because users put peopele's data in files god knows where, and they classify data as practically everything tied to a name so It's definitely going to be interesting how this pans out.