Recent discussions I had about GDPR seem to indicate that email messages and documents fall in the scope of GDPR since they can be "accessed via a search" (esp. in our beloved CRM).
Are you seeing the same interpretations?
It is currently possible to perform erasure (complete or selective) of PID but AFAIK not attachments (emails or documents). Has anyone done that?