Unsubscribe should delete or anonymize personal data when that consent was the only reason we had it
Repro:
- Someone subscribes to a mailing list through civi and a new contact is created.
- We send them an email.
- They unsubscribe (we've had no other reason to have their personal data in the meantime).
Expected:
Their name, email, and any other personal data they input when they subscribed are anonymized or deleted.
Actual:
Their personal data is kept in civi.
This is a very clear-cut case of violating the GDPR, since GDPR does not allow you to "process" (which includes storing in MySQL) personal data that was based on consent after the consent is revoked.