your data compliance officer should be able to...
Sorry -- our who? We're not up to the 10k users mark yet and only made a paltry few hundred million profit last year. We can't be expected to go employing people for silly made-up job tittles like that! This is the CIty, dammit! We got away with flouting the DPA for years, why should this be any different/
I suspect the cost/benefit calculation described in the first few pars of this piece are exactly what most organisations are doing, to some extent or other - even the ones sending people on seminars and re-papering all their marketing consents don't expect to be getting many, or any, request for individual database rows to be deleted from old backup tapes, and if they do, they expect to be able to ignore them, or just flat out lie that it's been done.