It seems to me that the aim of data protection legislation would be furthered if destruction of personal data also required consent of the data subject. If this were so then any data controller that acquired personal data by any means would incur a liability that they would have to carry on their books as a debt. It would make companies think twice before collecting the data.
To make it practical there would need to be a simple method of discharging the debt by sending the data subjects a copy of all of their data before deleting it. It would make sense to require that to be delivered both on paper and in machine-readable form where that is practical.