I haven't had a deletion request come around yet, but I've had the pict-rs documentation in my back pocket just in case. My instance allows NSFW, so I made sure I knew how to do this before deploying.
I agree with the author, though, it definitely shouldn't be so hard to delete images. Hopefully the Lemmy devs tackle these issues quickly.
With federation it's kinda like complaining archive.org doesn't have a good way to purge page snapshots in case you post something on your website you regret later. Or search engine caches. Or the local scammers replicating your page with curl for a phishing scam.
The author pretty freely admits he shares some blame, having PII on the same phone he uses Lemmy, using Lemmy while not paying attention/being half asleep. I'm sure he does know better and agrees with your statement. And yet, when mistakes happen and people prove to be fallible, Lemmy proves it is not capable of handling the problem.
I also can't believe the Lemmy developers would be so indignant about being presented with such an oversight. GDPR or no GDPR, federated to other servers or not, the idea of PII being hard/impossible to delete from a social media platform is an embarrassment to the developers.
Unfortunately, the Lemmy devs literally said it would take years to fix this issue. If you think this should be a priority for them, please advocate for them to prioritize it on GitHub: