Yes, CB is compatible with GDPR. You can create as many terms and conditions field as you like (this is important as individual consent per policy is required), which can be used for data disclosure, privacy policies, and sites terms of use. As for the rest of compliance that's entirely up to you as none of it has to be automated. If a user asks to be deleted then delete them from backend. If a user asks for a data dump then use CB Juice to export a CSV of their profile data or do so from phpmyadmin. Don't collect more data than you absolutely need (don't have a dozen extra fields for the sake of having them; have them with a purpose).