Is this a real issue though? If I comply to regulations to remove data as required by law, I'd be surprised if a government body could require me to provide data I am supposed to have deleted.

This is a very real GDPR fear. Some of its mandates run counter to other local data retention mandates.

It’s not clear yet how that is going to shake out.

As HN'er detaro notes in this comment:

https://news.ycombinator.com/item?id=16366864

There are some provisions for those situations.

And on the subject of backups, those are typically exempt but there are some obvious problems there when you restore a backup at a later time.

To me the big ticket items in the GDPR are the notification duty and the data processing agreement 'chain' that gives some level of certainty that the companies you deal with are going to take this serious.

The implementation details and all the moving bits and pieces are most likely not going to be the parts where the real tests will be in the first year or two.

I agree with your assessment but the penalty part of GDPR is making lawyers more jumpy than any regulation I’ve seen.

I’m putting essentially everything in the we’ll see category.

I see that as good news :)

It looks like the GDPR at least gets people's attention.