Axon Framewok vs GDPR (delete phisically personal data from Domain Event Entry table)

So let's have a look at this very interisting point of nowadays the General Data Protection Regulation (GDPR). Let's make it clear what is Axon's best answer for the problem below. (I am using Axon 4.1 with Spring Boot)
I introduce you my problem:

The user comes and for example the he wants to book an appointment, where he must enter his email, phonenumber etc. a lot of personal data. Before the user click on Enter he has to accept a privacy statement which includes how long we store his personal information. So when the user click on Enter the backend will event source all the information the user entered. All his privacy data will be stored to Axon's Domain Event Entry table for an Aggregate for the created event. The user's personal data can be found in the payload.
So when the storage time expires I have to remove all the personal data from all my tables including Axon's Domain Event Entry table.

So my question is how to phisically remove an aggregate from Domain Event Entry.

I tried this solution:

    @EventSourcingHandler
    public void on(CampaignDeletedEvent event) {
        markDeleted();
    }

But it does not doing anything, the API says: "Marks this aggregate as deleted, instructing a repository to remove that aggregate at an appropriate time." - It should remove phisically? it not doing it, I waited for 30 minutes, the aggregate still in the table, what that means "appropriate time"?

After my failed attempt to delete I read this stackoverflow question (https://stackoverflow.com/questions/59695175/axon-framework-delete-aggregate-root) where Allard said this at the comment section: "That's correct. With Event Sourcing, "delete" doesn't really exist. It's just a state like any other, except that on a "deleted" state, all commands are rejected."

Ok. So this means my Aggregate is dead but the user's personal data still there in the payload field of Domain Event Entry table for the aggregate?

So I have to somehow create a Repository and delete it or with SQL script, How are you doing this? I might be wrong and outdated about new features but if the authority comes the fine is $$$$$$$$$$$$$$$$

Thanks,
Máté

Event Sourcing mandates that the state change of the application isn't explicitly stored in the database as the new state (overwriting the previous state) but as an immutable series of events. You should not delete these events and/or change the content. This way you don't lose any data/information. Everything that happened in the system is stored. Information is far more valuable than the price of the storage these days, Don't throw it away

But, some attributes of an event should not be read by all consumers, and we should be able to delete them, without touching the event store (series of events). One of the common solutions to this problem is to encrypt the sensitive attributes, with a different encryption key for each resource. Only give the key to consumers that require it. When the sensitive information needs to be erased, delete the encryption key instead, to ensure the information can never be accessed again. This effectively makes all copies and backups of the sensitive data unusable. This pattern is known as Crypto-Shredding. The Crypto-Shredding pattern is of course only as good as your encryption and your key management practices and in my opinion a better option than just running the delete on SQL table (do you delete all the data really - what about logs?)

Axon provides a commercial module Axon Data Protection module (https://axoniq.io/product-overview/axon-data-protection) for this purpose.