Welcome to my world
I have been working with the need to both preserve and to securely erase data for, mmmm a long time. Each time customers express a desire to do both, the arguments that have been presented above recur (again and again). It's normal for a requirement to be that data is to be retained and disaster proof for generations but that if there is an over-riding reason to get rid of a record then the record should be purged from wherever it may be.
Regulators suffer from a lack of imagination about where data may (legitimately) be. On clients, on stand alone systems, on server(s), SAN, NAS, rented (cloud) storage etc, etc. A data dictionary that records where all this stuff is, is large to begin with. Then there's the problem that purging data is not just deleting it, but one of over writing the data so that it can't be recovered. However you can't do that at the level of individual records.
Deleting an encryption key can sound like the magic bullet, but it doesn't work. You also have to delete every copy of the key, including the ones that are on paper or lurking in some forgotten document that someone created years ago and never told anyone about. In short this is a really difficult problem with no absolute answers and no absolute end point. Given the way that storage optimises itself and things like wear levelling work there are often multiple plain text copies of data that are on a device, just not easily accessible to the OS, but there for anyone with access to forensic tools.
I can see cases where an attempt to purge a record would involve the obvious of purging a record from a database followed by discovering all the backup copies and mystically removing the same record from those, scanning the unallocated space of every storage device for occurrences of the record, taking a trip to some $DEITY forsaken archive inside a mountain, asking AWS/Azure if they would mind purging the drives that once held the data.... and so it goes. Some of these things are unlikely to be possible.