GDPR is no joke. Storing a handful of comments is not worth the penalty if they get caught.
Note that I speak from experience as part of a company that needs to comply with the regulations. We do it because the risk of violation is 10000000% not worth it no matter how annoying and arduous it is to comply.
They were fairly specific about not doing that (I’d imagine largely because of GDPR).
I deleted 10 years of “content” before I left and checked their policies. They apparently actually do properly delete from their servers.
I’ve got a bridge in the desert I’d like to sell you.
GDPR is no joke. Storing a handful of comments is not worth the penalty if they get caught.
Note that I speak from experience as part of a company that needs to comply with the regulations. We do it because the risk of violation is 10000000% not worth it no matter how annoying and arduous it is to comply.