It's actually really weird in the way it's interpreted. There was a recent case here in Finland, where a very popular consumer electronics store got fined for a very large sum of money (percentage of yearly revenue that is higher than their yearly profit margin) by a regulator on the basis that they allowed anonymous purchases, but held the data from the purchase beyond immediate fulfilling of the purchase contract.
The store allowed the buyer to get the data, request data deletion, etc. Holding the data was explained by the fact that purchase created a need to also meet requirements of warranty, both legally mandated and manufacturer's, as well as ability for the non-registered purchaser to register and get access to their old purchases list.
Regulator fined them anyway, and according to "severe violation" rules in spite of it. Because it required additional work that wasn't immediately obvious to get the store to delete the data and violation being long standing (in spite of store clearly believing in good faith that they were following the law, and actively helping with the regulator's investigation).
It actually screwed a lot of legitimate customers like myself, because we rely on the store to hold our order data for as long as possible, so we can go back and review, check warranty status, check dates of purchase etc. Now separate action is required to go there and check a box "to hold the data for more than absolutely necessary" as a result of this ruling.