HACKER Q&A
📣 devjungle

If I store encrypted data but throw away the key does that violate GDPR?


I thought this would be a violation as I'm not able to decrypt that data today, but as soon as technology got to a certain point, or true quantum computers become a thing, I'd be able to decrypt that data possibly trivially.

I was listening to a podcast where they described this as being a viable way of adhering to requests to delete personal information.


👤 luckylion Accepted Answer ✓
Was any reason given for doing that to (effectively) delete data over just deleting or overwriting it?

👤 new_guy
IANAL, but if you've kept the personal data - in whatever form - after they've requested it to be deleted, then you're in violation.

👤 discordance
Seems like more of a philosophical question.

If it's not accessible then it's essentially lost. If a new technology comes about that makes it accessible, then you would be liable.

If you've lost the key, and have no intent on recovering the data due to GDPR or whatever, then why not just delete it to avoid any potential future liability?