Following our own GDPR compliancy efforts earlier this year, we concluded that keeping a list of e.g. email addresses or user ids for the purpose of removing those users post-restore was not acceptable, and that we would be better off storing a hash of the users' PK and using that to remove the users later if required.