GDPR - holding data

It depends on the privacy policy and the data you shared with the app. In privacy notice, the data controller will tell you what kind of data the app will have access to and ask for your consent.The data subject can withdraw the consent at any time and for any reason. 

According to Article 15 GDPR you can demand access to data stored by the data controller (right of access ) and of course you can demand that data based on consent shall be erased under Article 17 GDPR unless there is another legitimate ground of processing. I.e., if the app required your consent to access your image gallery and some photos of you had been processed (i.e., stored in the cloud), you can demand the cancellation of images stored but you may not be able to demand the cancellation of some information related to your account if they are processed under another legitimate grounds. I.e. billing information can be stored for longer periods because of tax laws provisions.

The data controller shall erase your data without undue delay. In your request, you can refer to the data minimization principle demanding to cancel all the information that is no longer necessary to be processed. Of course, this is a general answer, based on your statement that the data processing is based on consent. You should check in the privacy notice which is the legitimate ground and what information is stored before demanding to proceed under Article 17 GDPR.

Here you can find more information:

• Article 15 GDPR: https://advisera.com/eugdpracademy/gdpr/right-of-access-by-the-data-subject/
• Article 17 GDPR: https://advisera.com/eugdpracademy/gdpr/right-to-erasure-right-to-be-forgotten/
• Right to be forgotten in the era when everyone seems willing to be remembered: https://advisera.com/eugdpracademy/blog/2019/08/26/gdpr-right-to-be-forgotten-an-easy-explanation/

You can also consider enrolling in this free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//