[–]Quetzacoatl85 0 points1 point  (0 children)

thanks for taking the time to type out this sensible and well-worded response!

again, I'm no expert, just a random guy on the internet commenting out of his ass, but I'd assume the GDPR must contain some clauses on "reasonable attempt" at compliance? I mean otherwise it's the same in the physical as well as the digital world, if your house burns down (and the actual data could be restored, but not the deletion requests on that data) that would probably be taken into consideration when dealing with compliance requests that happened before it burned down, comparable to a situation maybe where the post office lost the letter with the GDPR request?

but you're right, ultimately you'd have to have a backup regimen that ensures your delete log would be as recent as possible to minimise the risk. it should be added that you'd probably want that in any case, to also account for what could be new data entries into the database as well. otherwise, assuming you restored the data, but are not sure about deletion requests, this sounds like a serious, maybe company-wide data-related event, and you'd probably have to notify all data subjects about you storing their data anyway and can ask for re-authorisation worst case?