Paging @mjordan here. It’s a good question. We may be able to walk back some of the information that’s included in the export file to satisfy GDPR - OJS 2.x didn’t have that info, and I’m not sure how necessary it is for 3.x.
I’m arranging for an informal working group on this general topic - I’ll be reaching out in this thread with some more information shortly. My hope is to meet and get answers (or at least a good start to answers) next week, and determine what work needs to be done in the next couple of months on our end, or on publishers’ ends.
Cheers,
James