I started coding in 2012 as a funder with 0 experience in programming. From day one I avoided "delete=1". I implemented real data deletion from the very start and it has never been an issue. If someone like me (self thought from 0) could do it, I can't see any reason why this should ever be a problem. The GDPR does not pose any particular problem to start-ups, if you take the time to read it (no lawyer needed for that). Sure, as long as your business model does not rely on exploiting personal data.