Hello Oliver,
Event Sourcing mandates that the state change of the application isn’t explicitly stored in the database as the new state (overwriting the previous state) but as an immutable series of events. You should not delete these events and/or change the content. This way you don’t lose any data/information. Everything that happened in the system is stored. Information is far more valuable than the price of the storage these days, Don’t throw it away 
But, some attributes of an event should not be read by all consumers, and we should be able to delete them, without touching the event store (series of events). One of the common solutions to this problem is to encrypt the sensitive attributes, with a different encryption key for each resource. Only give the key to consumers that require it. When the sensitive information needs to be erased, delete the encryption key instead, to ensure the information can never be accessed again. This effectively makes all copies and backups of the sensitive data unusable. This pattern is known as Crypto-Shredding. The Crypto-Shredding pattern is of course only as good as your encryption and your key management practices and in my opinion a better option than just running the delete on SQL table (do you delete all the data really - what about logs?)
Axon provides a commercial module Axon Data Protection module (https://axoniq.io/product-overview/axon-data-protection) for this purpose.
Best,
Ivan