GDPR data retention schedules: how do you automate deletion when data spans 5+ systems?
We're implementing a GDPR-compliant data retention schedule under Art. 5(1)(e) — data must not be kept longer than necessary. The theory is simple. The execution is a nightmare.

Our user data lives across: PostgreSQL (primary), Redis (sessions), Elasticsearch (search index), S3 (audit logs), Snowflake (analytics), and a third-party CRM. Each system has different deletion mechanisms, and some (like the CRM) only support bulk exports, not programmatic deletion.

Our current approach: a nightly job that identifies records past their retention threshold and fires deletion requests to each system. But we've found edge cases:

- Backup snapshots still contain deleted records (we can't delete from immutable backups)
- Elasticsearch soft-deletes leave tombstones that count as 'personal data' under some interpretations
- The CRM's 30-day 'recycle bin' means data isn't truly gone for 60 days total

How does your team handle multi-system retention enforcement? Do you use a central orchestration layer, or does each system owner manage their own deletion schedule? Any experience with automated DPIA updates when retention policies change?

Jurisdiction: EU/DE. Looking for practitioner experience, not legal opinions.
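
The nightly job described in the post, written around a central deletion ledger that records per system whether deletion is confirmed. This is an added example, not part of the original post. The adapter callables, record IDs, dates and the 365-day retention period are constructed assumptions.

```python
from datetime import date, timedelta

# Systems from the post; False = no programmatic deletion (the CRM).
SYSTEMS = {"postgresql": True, "redis": True, "elasticsearch": True,
           "s3": True, "snowflake": True, "crm": False}

class DeletionLedger:
    """Tracks, per (record, system), whether deletion is confirmed."""

    def __init__(self):
        self.state = {}  # (record_id, system) -> "deleted" | "pending" | "manual"

    def nightly_run(self, records, today, retention_days, deleters):
        """records: {record_id: last_activity_date};
        deleters: {system: callable(record_id) -> bool} (hypothetical adapters)."""
        for rid, last_activity in records.items():
            if last_activity + timedelta(days=retention_days) >= today:
                continue  # still inside its retention period
            for system, programmatic in SYSTEMS.items():
                key = (rid, system)
                if self.state.get(key) == "deleted":
                    continue  # already confirmed; do not re-send
                if not programmatic:
                    self.state[key] = "manual"  # queue for the bulk/manual process
                    continue
                try:
                    ok = deleters[system](rid)
                except Exception:
                    ok = False  # a failed call stays pending and is retried
                self.state[key] = "deleted" if ok else "pending"

    def confirm(self, rid, system):
        self.state[(rid, system)] = "deleted"  # e.g. after a manual CRM purge

    def outstanding(self):
        """Records not yet confirmed deleted everywhere, with the lagging systems."""
        out = {}
        for (rid, system), st in sorted(self.state.items()):
            if st != "deleted":
                out.setdefault(rid, {})[system] = st
        return out

def demo():
    # Constructed sample: two users, Elasticsearch unavailable on the first night.
    records = {"user-1": date(2023, 1, 10), "user-2": date(2024, 5, 1)}
    es_up = {"ok": False}
    deleters = {s: (lambda rid: True) for s in SYSTEMS}
    deleters["elasticsearch"] = lambda rid: es_up["ok"]
    ledger = DeletionLedger()
    ledger.nightly_run(records, date(2024, 6, 1), 365, deleters)
    night1 = ledger.outstanding()
    es_up["ok"] = True
    ledger.nightly_run(records, date(2024, 6, 2), 365, deleters)
    return night1, ledger.outstanding()
```

`outstanding()` is the list to review each morning: it shows which expired records still exist in which system and whether they are waiting on a retry or on a manual step.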