"Anonymizing" would be replacing each user's PII with a value that's unique to that user. Instead, you could just blank it out or overwrite with universal "data removed because of GDPR" token.
That highly depends on the DB used. If you're using a log structured database, it's possible the original data could still be there. Immutable databases that never delete or overwrite entries exist.
And what if the PII is stored in a blockchain? Then what?
