I might be completely wrong here, but I don’t believe that the GDPR requires that the user themselves can delete the information. I imagine that as long as instance owners / admins delete user data upon the user’s request to do so, that they’d be operating within GDPR standards.
But again, I probably don’t know enough about GDPR to be commenting on it :P
Surprised I’ve not seen more people mention this. Will of the wisps music was bomb too. Gareth Coker is an incredible composer.