>It would literally take me a single Ctrl+F though the codebase to see every line of code that uses CustomerID.
Most real world applications aren't that simple unfortunately. You can Ctrl+F all you want, but that won't show you the logging that automatically logs parameters from requests that include customerID or the reports based on DB replications or ETL.
Well, then remove all of the other data associated with the customer. CustomerID then is then going to be irrelevant anyway.
But frankly, all of your points are equally invalid. Replications are a copy. Replace values in replications with faux values if that's required. ETL? Absolutely the same. Logs? sed s/UserID/FauxUserID.
You're operating a semi-garage business if it's so hard to comply with GDPR. Data does not belong to you anymore, and you've had a few years to make sure you complied.
Most real world applications aren't that simple unfortunately. You can Ctrl+F all you want, but that won't show you the logging that automatically logs parameters from requests that include customerID or the reports based on DB replications or ETL.