You can’t lose what you don’t have. In the event of a data breach or infringement the Data Authorities will look at the data that was breached or violated and if that data should have been available to begin with.
Here’s the first thing you really need to know about the GDPR: demonstrate your compliance. You do this by documenting your reasonings for certain decisions, documenting your policies and other relevant documentation. And then there’s logging.