My current work-in-progress draft approach is focused on the User Profile sheet.
The assumption is that if we “delete” the eMail it will therefore make all other data irrelevant (at least in my app).
In the User Profile screen:
1- Button delete (with warning → validation)
2- “Set values” action:
- unique identifier on the “eMail” column
- “Deleted user” on name, picture, phone, messengers, address and other possible data that would enable to identify the user.
Without being at all an expert about GDPR, I think that it is something “relatively” simple that could contribute to comply with it.