We are starting to get GDPR deletion requests at work. However, there area number of requests where the user cannot verify their e-mail address. They either dont have access to that account anymore or they don't remember what e-mail address they used to sign up.
What should we do to verify when all we have stored is username, e-mail address, password and various login dates?
If you are not a company you should consult a GDPR specialized attorney to help draft up processes for handling these matters to help insure you are in legal compliance and properly protect yourself legally.