You are talking about a very narrow set of legal reasons that need 10 years of archiving. This has nothing to do with the GDPR and these archives should really not be created from normal daily/... backups. If you fall into that category you need a lawyer even without the GDPR and this lawyer will tell you exactly what and how to archive. "Nobody really knows" does not apply here because your lawyer knows.
> very narrow set of legal reasons that need 10 years of archiving
Invoices for VAT MOSS have to be archived for ten years. And until today nobody really knows (it is another EU law disaster) which information you have to keep to prove the origin of your customer.
Why do you need to keep more information than the invoice itself? All invoices should include the invoice recipients name and address, and thus the country of origin. In many countries invoices below a certain amount can omit the recipient, but you don't need to omit it.
Do you invoice for a different country than the recipients country? Why?
> the information used to determine the place where the customer is established or has their permanent address or usually resides.
Sadly this regulation doesn't specify which kind of information this could be.
Your customer could try to get a better price by pretending to be from a country without VAT. Therefore the address given by the customer is more or less worthless in this regards. One more realistic information is the IP address. But as this also is pretty easy to spoof it might be reasonable to also keep information about the country were the cc card was issued, if possible.
