There's some vague stuff. For example, GDPR requires you only keep data for a "reasonable" period of time. So many many years would likely not be reasonable in most logging scenarios.

I suspect as a payment processor though, being able to look back far when investigating breeches etc would be important.