Encrypt all the key and delete only the encryption key if the deletion is requested. Without the key any remaining data can't be read any more.
https://issues.apache.org/jira/secure/attachment/12978992/Ozone%20GDPR%20Framework.pdf
https://issues.apache.org/jira/secure/attachment/12987528/Ozone%20GDPR%20Framework_updated.pdf