Interesting debate because one of the basic premises of steem is that what you've published cannot be removed and you are held accountable for your choices to post. Past posts, even if deleted or updated remain in the BC. And there is a valid argument in that.

I think the big difference here is that steem is not part of a country. It is global and decentralized so in essence it is not under any jurisdiction at the moment. Governments use threat of force (jail) and financial sanctions for compliance and the public via advertisers use financial sanctions to force compliance with the current whim of the mob. This is what we've been seeing on Youtube. But with steem there is no "one" to attack. It's a totally different paradigm.

They can go after the interfaces such as busy and steemit via their corporate registrations and server location but not the actual BC.

Further to that, the GDPR is in response to large megacorps using peoples' data to make money whereas steem is nothing like that (is that statement correct btw?). So right from the get go it's a totally different situation.

So even if they find a target to go after there is the paradigm difference issue which is that the data has been the users' all along versus FB where for copyright efficiency they make you give them ownership of your data. There's no greedy mega corp that controls steem.

When doing seminars and talking about steem I always emphasise many times over the permanent nature of steem (plus rules 1-3 of steem - don't lose your password).