
Technically very smart solution, but legally way too risky.

If there's ever a breach, for example someone steals the key and then accesses the data, the fine will be super high given that the company has retained data after the user asked to delete it.

To mitigate such risk, the company would at least need explicit consent of the user, at which point it's just as simple as asking the user to not really delete their account.

A viable option, legally speaking, could be to send the dump to the user, in a way that can be easily imported back if the user ever wants to login again.



> for example someone steals the key and then accesses the data

That's why I schemed it so the key is sent to the user but not kept by you. Someone steals the user key? They can ask for a restore but they won't have access to the data unless they've got the user login info too. An employee steals the encrypted data? Enjoy the time spent cracking the cryptography.

A little like one of the solutions for deletion in Event Sourced systems, but instead of completely losing the keys, you give them to the user first.
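
The scheme described in the comment above, as an added worked example (not code from the original thread or from any project discussed in it): the service encrypts the account export under a fresh random AES-256-GCM key, hands the key to the user, and keeps only the ciphertext. Restoring needs both the key and a login as the right account. The login check itself is assumed to happen in the caller's auth layer; what the code adds is that the account ID is bound into the ciphertext as associated data, so a stolen blob plus a stolen key still cannot be restored under a different account. The function and type names and the sample export are made up for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// StoredDump is all the service retains after the user deletes their account:
// ciphertext plus the account it may be restored into. The key is not kept.
type StoredDump struct {
	AccountID  string // restore target; also bound into the ciphertext as AEAD associated data
	Nonce      []byte
	Ciphertext []byte
}

// SealForUser encrypts an account export under a fresh random 256-bit key.
// It returns the blob the service stores and the key that is sent to the user.
func SealForUser(accountID string, export []byte) (StoredDump, []byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return StoredDump{}, nil, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return StoredDump{}, nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredDump{}, nil, err
	}
	// Associated data ties the ciphertext to this account: relabeling the blob
	// for another account makes GCM authentication fail on restore.
	ct := aead.Seal(nil, nonce, export, []byte(accountID))
	return StoredDump{AccountID: accountID, Nonce: nonce, Ciphertext: ct}, key, nil
}

// Restore decrypts a stored dump with the key the user brings back. The caller
// is assumed to have already authenticated the user as accountID; that is the
// "login info" half of the requirement. Wrong key, wrong account, or a
// tampered blob all fail closed.
func Restore(stored StoredDump, accountID string, userKey []byte) ([]byte, error) {
	if accountID != stored.AccountID {
		return nil, errors.New("dump does not belong to this account")
	}
	aead, err := newAEAD(userKey)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, stored.Nonce, stored.Ciphertext, []byte(accountID))
	if err != nil {
		return nil, errors.New("wrong key or tampered dump")
	}
	return pt, nil
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	// Constructed sample export; not real user data.
	export := []byte(`{"user":"alice","posts":["hello","world"]}`)
	stored, userKey, err := SealForUser("acct-1", export)
	if err != nil {
		panic(err)
	}
	fmt.Println("key handed to user (service forgets it):", base64.StdEncoding.EncodeToString(userKey))

	// Happy path: user logs in as acct-1 and presents the key.
	if pt, err := Restore(stored, "acct-1", userKey); err == nil {
		fmt.Println("restored:", string(pt))
	}
	// Insider steals the blob but not the key: a guessed key fails authentication.
	if _, err := Restore(stored, "acct-1", make([]byte, 32)); err != nil {
		fmt.Println("blob without key:", err)
	}
	// Attacker steals the key and relabels the blob to an account they control.
	relabeled := stored
	relabeled.AccountID = "acct-2"
	if _, err := Restore(relabeled, "acct-2", userKey); err != nil {
		fmt.Println("key under another login:", err)
	}
}
```

The key the user receives is 32 random bytes, so an employee holding only the ciphertext has nothing to brute-force in practice; the remaining risk is entirely on the user's side (losing or leaking the key), which is exactly the trade the comment is proposing.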



