The statement by the ICO spokesperson "data protection law is technology-neutral" is ingenuous.
The European clots who put the Regulation together are, at best, technologically ignorant, and at worst not doing their job properly by creating regulations which cannot be complied with and enforced.
Our new Policy says we won't delete backups because they are our DR lifeline, and as a micro-business we don't have the ability or resources to do anything different.
So we've made it perfectly clear to anyone who wants to be forgotten. What more can we do?