It's for as long as necessary to serve the purpose. If you're brought to court, you could either argue that you still need it for your specific use case, or you can point to some internal procedure to delete stuff that's way past the point of usefulness and say that you're already complying.
And as the parent comment said, you don't really have to delete them at all, keeping some sort of a copy that you ran through some sort of a personal data removal tool also works.
Example: years old closed support tickets, you'll never need to know exactly who made them, but you might wanna reference some info from them.
