If it's GDPR, it's enough just to have a document stating what you do, as long as you follow it of course.
Anyway.. The law only focus on what is relatable to a person, so if you change your data in a way it's not relatable to the person anymore, then it's fine according to that law.
Where the law becomes tricky is if you have, let's say, a company that has only 1 person associated. Then that company is relatable to that person and therefor also falling under the law. The the company has many employees there are no issues. — I know this is a bit far from Hashnode as there are no companies here.