Grant Fritchey isn’t crazy when it comes to execution plans:
Now, when you save an execution plan out to a file, you’re potentially transmitting PI data. It goes further. When you hard code values, PI is not just in the query. Those PI values can also be stored throughout the plan in various properties.
So now you see what I mean when I say that the GDPR affects how we deal with execution plans. I’m not done yet.
Unfortunately, questions like the one Grant raises here won’t be answered until we see a few test cases in the European courts.