Dear EU server admins: If you at all consider a shutdown of your server, you *must* notify your users in advance.

@anthropy I am by no means lawyer, so take my opinions with large grain of salt.
The article 32 is regarding "Security of processing" and I don't think deletion of server is considered processing of data. It's as well about risk assessment to define level of security you need (e.g. backups, encryption) and not forbidding anything.
Other relevant point is article 33 (Notification of a personal data breach to the supervisory authority). You are not always required to notify about the personal data breach:
"In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons."