GDPR-proof meta-data is recorded when a user receives a badge (= micro-certificate on the blockchain). This meta-data contains general information, like the name of the course, date, etc. Still, no personal data is recorded on a blockchain (=immutable ledger). Badges are non-transferable (= 'soul bound'). If you want to retain privacy, we recommend not sharing your public key in public.