Yeah, but companies can also “choose” to ignore GDPR requests. I don’t think talking about instances not following the spec and deleting things when requested is relevant.