GDPR compliance? mm'kay.
I would have thought it might be handy to have a few other GDPR-related flags in there, as there are some "features" of GDPR that can be applied at the user level - eg, the right to restrict processing ("you may have my data, but you're not allowed to do anything with it"), and maybe track the automated decision-making / profiling stuff...
This has the potential to be a bit messy... https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/rights-related-to-automated-decision-making-and-profiling/ - why am I not surprised?
Thomas Rushton
blog: https://thelonedba.wordpress.com