Good question. I don't know exactly what is required by GDPR. Q2A allows deleting of accounts by Administrators, so users can ask to have their account deleted. However, users cannot delete their own accounts, not sure if that is a requirement.
Very little information is kept in the profiles anyway. Users can easily delete everything there if they need to.