GDPR compliance in a nutshell

Recently MongoDB added field encryption in version 4.2. This means if there's a request to delete all user data (stated in GDPR) administrator can delete the encryption key(s) which is used for access to the personal data. So no key - no data ... right ... but the data is still there and probably ready to be brute-force decrypted. Nice try, MongoDB