GDPR Compliance guidance for self hosted instance

Hi Team, we are planning to use a self-hosted ZITADEL in production. Are there any best practices or guidelines we can follow to ensure that our self-hosted ZITADEL is compliant with GDPR? We would like to focus on the technical aspects, such as which data should be anonymized, whether we should implement row-based or column-based encryption, and any other relevant considerations. Thank you