Why not start by telling us what GDPR is. I haven't the foggiest idea what those letters stand for. The dumpster fire in the US is sucking all the air out of the room, so to speak.
"The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1] When the GDPR takes effect, it will replace the 1995 Data Protection Directive (Directive 95/46/EC)."
"One of the other key changes with GDPR is the new emphasis it places on users’ right to access their own personal data. In simple terms, this means people can make subject access requests at any time to check the data you hold and what you do with it."
"The GDPR also brings in a “right to be forgotten” where people can request the removal of personal data, either if they no longer want the charity to have it or if it is no longer used for the purpose it was collected."
Can't see the Morg being overjoyed with either of those.
Can't count you as a member if you request all data on you to be destroyed.
I'd imagine some members records with courts of love etc could make interesting reading if they requested it as well.
No church records worth reading will be kept in countries subject to GDPR; they'll all be sent to an off-shore temple in the Cayman Islands.
So records requests will receive a response, "no such records exist in our (GDPR country) files. Demands that sources outside GDPR countries be reviewed will receive the same response: "Bite me!"
The thing is though it doesn't matter where the data is transferred outside the EU if it belongs to someone within the EU. It will be very interesting to see someone take the church to task on it.