GDPR compliance?  mm'kay.

I would have thought it might be handy to have a few other GDPR-related flags in there, as there are some "features" of GDPR that can be applied at the user level - eg, the right to restrict processing ("you may have my data, but you're not allowed to do anything with it"), and maybe track the automated decision-making / profiling stuff...

This has the potential to be a bit messy...  https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/rights-related-to-automated-decision-making-and-profiling/ - why am I not surprised?