It overlooks one thing that a pedant like me finds important. In the GDPR, Article 17, Right to erasure (‘right to be forgotten’), includes "the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data" (emphasis added). My questions:
Would it be reasonable to consider some data (e.g., a cryptographic hash of a document, URL, etc.) recorded on a blockchain that can be used to locate the data to not be a "link" to the data? If not, then the regulation appears to require erasure even of the link, which means we're back to the original problem of being required to delete data stored on the blockchain. Of course, there is some wiggle room around "reasonable steps", but there is at least some risk that an argument like "it's not reasonable to remove something from the blockchain" would not fly, even for relatively opaque data such as a cryptographic hash.
The article seems to assume centralized storage for off-chain data, whereas decentralized storage makes more sense in the blockchain ecosystem where there should not be a single point of failure.
The author seems to argue that it'd be better to keep data on the blockchain if not for pesky regulations. However, this will often not make sense, because it may require too many copies of data to be kept and too much processing to validate blocks and transactions. Because data can be verified (e.g., by rehashing and making sure that the hash matches the one stored in the blockchain), it needs to be replicated enough to be available, but not by all participants. Thus, in many cases, off-chain storage makes sense regardless of regulatory issues.