As I recall, GPDR is under European regulation. Perhaps due to the decentralized nature of Steemit there is currently nothing for Steemit Inc to worry about.
In terms of personal information on the blockchain, I remember reading a piece which discussed using the chain to access personal data that is stored off chain rather than on to give ownership of data. Not sure how this would work in practice.
I hope regulation won't stifle the progress of social blockchains.