Re: In the recruitment industry the panic is just starting to set in.
Most CRM's are SQL based so stuff can be deleted with enough time/skill, but as recruiters are on commission (and thus tend to want to work weekends as well as normal office hours) bringing down the CRM for half the weekend while you do a manual delete via SQL does cause some stress.
While its fine having an outage once in a while if your doing it every weekend for the latest batch of GDPR removal requests, its going to get old quickly. Not to mention, if I am working weekends cleaning out your data, frankly your going to be paying for it (either OT costs or TOIL). Unfortunately, some techie doing manual deletes on your CRM each week isn't really a viable business solution.
Obfuscation of the data will work for some industries, the problem with recruitment, is that we deal with a lot of personal data in document form (CV's, Passport scans for legal compliance etc), all of that is going to have to be cleared off a record to put it out of use and although you don't generally run into any referential integrity issues with documents, unless the CRM has a real delete function in it for user level deletes, you are still paying people like me to go clear your data off at a weekend.
Also, its not just about the CRM's, Email/Exchange, SMS facilities and Mass mailing systems (e.g. Dotmailer) all need to be cleared of identifiable data and usually they are not well integrated with the CRM and certainly not for delete functions.
Its not that any of this is technically impossible, its that frankly doing all the analysis and development is a lot of work. In the same way that in Y2K it was easy to say, oh just store your dates in long date format, saying it is one thing, changing policies, procedures and systems is something very different and quite expensive.