I cannot see how distributed systems like Fediverse can be GDPR compliment unless you lock out the system admins of the instance they host. Good DevOps requires frequent backups; it also requires offline backups.
It is one of the only good things about a centralised system - the entity that holds the data can be held accountable for not being compliant and other such things. Many mere mortals can collectively group together to fight against the goliath.
It requires too many resources to chase after the small instance owners of a distributed system like Fediverse. Just like how 3 letter agencies chase after the people who like to ride the seas in their wooden boats. The 3 letter agencies have spent a lot of resources attempting to shut it down but they've never come close.