I'm pretty sure GDPR doesn't say everything must be wiped instantly but instead within a reasonable time period. One that's certainly enough to undo such actions.