<@U04UQ68083H> is Ory self-hosted GDPR compliant. ...
# ory-copilot
@chilly-king-10285 Is Ory self-hosted GDPR compliant? Is there additional setup to be done to make it GDPR compliant?
A message from kapa.ai
Based on the provided knowledge sources, I can offer some insights about Ory's GDPR compliance for self-hosted deployments, but there are some important considerations to note:

1. GDPR Compliance: The self-hosted version of Ory does not automatically provide full GDPR compliance. According to the feature comparison table, GDPR-compliant data storage for self-hosting is marked with a warning symbol (⚠️), indicating that additional setup or precautions may be necessary [Ory Network or self-hosted?](https://www.ory.sh/ory-network-or-self-hosting-explained-use-cases/#feature-differences).
2. Additional Setup: While Ory provides tools and features that can help with GDPR compliance, the responsibility for ensuring full compliance largely falls on the customer when self-hosting. The GDPR checklist provided in the documentation outlines several areas where the customer must take action to ensure compliance [GDPR compliance](https://www.ory.sh/docs/security-compliance/gdpr#gdpr-checklist).
3. Customer Responsibilities: Some key areas where additional setup or measures may be required include:
   - Ensuring lawful and transparent data processing
   - Specifying the purpose of data collection
   - Implementing data minimization practices
   - Maintaining data accuracy
   - Preventing data repurposing
   - Implementing storage limitation policies
   - Ensuring data integrity and confidentiality
4. Technical Measures: You would need to implement appropriate technical measures to ensure data protection, such as encryption, secure backups, and access controls. Ory provides some features to help with this, but the implementation and configuration would be your responsibility [Integrity and confidentiality](https://www.ory.sh/docs/security-compliance/gdpr#integrity-and-confidentiality).
5. User Rights: You would need to implement mechanisms to handle user requests related to their data rights under GDPR, such as the right to access, delete, or port their data [GDPR checklist](https://www.ory.sh/docs/security-compliance/gdpr#gdpr-checklist).

In conclusion, while Ory's self-hosted version provides features that can support GDPR compliance, it is not automatically GDPR compliant out of the box. Significant additional setup and ongoing management would be required to ensure full GDPR compliance when self-hosting Ory. It's recommended to consult with legal and security experts to ensure all necessary measures are in place for GDPR compliance in your specific implementation.