or trace back prior fraud. Criminals are using data deletion requests / demands to cover their fraud so they can continue. I don't think as written, this legislation is going to hold up under the onslaught of criminal abuse.
I don't want to be rude, so please tell me if you do, but do you have a source for that? It sounds quite a lot like a "think of the children" argument and whilst I can see people having made that claim elsewhere, I don't see any actual cases of it being reported.
I believe that's incorrect under GDPR. There is a legitimate interest to keep records for fraud use, and also they must not delete anything that's required for regulatory compliance. GDPR is very clear on that.
