The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. This applies to businesses located in the EU and those outside of the EU that does business with citizens in the EU.
Below are steps to take in Sytist to be compliant with with GDPR. Some of these settings became available in the Sytist 2.9 update.
Settings -> Account Requirements
Only ask/require First & Last Name when creating a new account. GDPR ask to only collect information you need from people. At the point of creating an account, you really only need their email address (which it will always ask for) and name. The options under placing an order you will need unless you are only selling downloads and use PayPal for your payment option.
Add consent checkbox for emailing customers about their galleries or photos.
If you are sending emails to customers like gallery expiring emails, or any other emails about their gallery or photos, enable this option. This is the customer giving you consent to email them about their photos. This is different than the mailing list which would need separate consent. When someone does give consent, it will add it to the notes in their account that they did and the date/time they did. If the select no on this option, their email address is added to the opt-out list so they won't receive these emails.
If you are using the Mailing List feature (People -> Mailing List Settings), be sure the default status is Unchecked. It is not allow to be automatically checked under GDPR.
If you want to delete or erase old accounts, go to the People section and there is an option "show accounts than have not be active more than X days". Using that option you review and can batch delete or erase those accounts.