Thanks for the question. There are really two pieces of functionality mentioned here; the current 'delete user' function, and new GDPR personal data deletion.
The existing 'delete user' functionality in Moodle will be unchanged when the GDPR changes land this release. This was a decision made to reduce risk, as making changes to this routine may have unforeseen consequences.
The new functionality, made available through a data privacy tool, is responsible for deletion (or nullification, where required) of all personal data under certain situations, such as when a user requests to be forgotten, or when the institution is obligated to remove all personal data for the user. This works the same for all components, including badges. Each plugin must advertise which areas of it's internal database
structure, file systems, etc, store personal data, and each plugin is also responsible for the deletion of said personal data.
In the case of badges, any badge issued or manually awarded would be considered personal data of the recipient (awardee), and the personal data would, at a minimum, have to be nullified from any relevant award or backpack records. The problem I foresee here is that, strictly speaking, there is a legal requirement to remove things like the backpack email address of a user who has asked to be forgotten. This means that any badges that user has sent to backpacks (like open badges backpack for example) will no longer successfully validate because the hash in the assertion JSON will have changed when the email is nullified. Having a quick look at this, it seems this hash is generated on-the-fly, based on the backpack email, which will now be null. Nullification will however, stop other users who follow the criteria or evidence links from seeing the user's name and details, and this is a positive.
We're due to address badges in the coming days/weeks and will know for certain at that time, however, it does look like one outcome of the GDPR might be that any badge sent to a backpack will no longer validate for display elsewhere once a user has been forgotten from the issuing Moodle site.
I hope that helps to clarify the issue somewhat.