Backups aren't the problem
Really they're not. Well, not technically. Legislatively, perhaps.
It's restoring them that is the problem. Or it's backup to disk, then mere access can be a problem.
Luckily, some bright spark mentioned in the article thought of that:
The only practical thing to do is to detect and erase the information on restore, he suggested, which would be a big task but, in principle, doable.
Erm, yeah, but I've deleted everything about Joe Bloggs of Wankstain, Essex, including his request to be deleted. So how do I know not to restore him?
And once you've worked that one out, my favourite backup tool is rsync. Because it's bloody fast. You can even backup/restore an 80G server remotely over a shitty ADSL line in an hour (as long as the data on the server doesn't change much). If you want me to filter out Joe Bloggs from the restore then that is going to turn something fast into something slow, or at least require me to access his details in the backup so I can delete them manually before I do the restore, which legally I probably am not allow to do. Also can I do a full restore and delete him before I make the data live?
The devil's in the details.