There's really no complexity there. The right to be forgotten doesn't superseed other laws, and it is required by law in most countries, that transaction data be stored for 5 years plus running year, so in case you request to be forgotten, that can only happen once the mandatory data retainment has expired, which can easily be handled by a "transaction date", and simply run a batch job that matches each user to their transactions (and desire to be forgotten), and once transaction are expired and the user has requested to be forgotten, you simply delete.
> Local data cache for offline mode in mobile apps
The right to be forgotten has a "grace period", so set your cache expiration to less than that amount of time and you're pretty much home safe, or better yet, don't cache GDPR sensitive data and you can pretty much cache for as long as you like.
There's a lot more to payments than raw transaction data. Payments are usually related to the exchange of goods or services. The delivery data of those could be essential for winning a chargeback dispute or a liability for a customer that asked to be forgotten.
There's really no complexity there. The right to be forgotten doesn't superseed other laws, and it is required by law in most countries, that transaction data be stored for 5 years plus running year, so in case you request to be forgotten, that can only happen once the mandatory data retainment has expired, which can easily be handled by a "transaction date", and simply run a batch job that matches each user to their transactions (and desire to be forgotten), and once transaction are expired and the user has requested to be forgotten, you simply delete.
> Local data cache for offline mode in mobile apps
The right to be forgotten has a "grace period", so set your cache expiration to less than that amount of time and you're pretty much home safe, or better yet, don't cache GDPR sensitive data and you can pretty much cache for as long as you like.