I’d put a legal blob in the Legal section clearly outlining the nature of the fediverse and making it clear to the user that really deleting stuff from Lemmy is near impossible because every instance has a copy of it. That you’ll happily comply and purge the user’s data upon request but that it will still be cached on every other server.
I’d be interested to see what lawyers have to say about it. Technically the data sharing is absolutely required by the protocol so it might be okay with the GDPR, but it’s also possible that as worded it can’t possibly be GDPR compliant. It was designed with big companies like Google, Meta and big advertisers in mind, and didn’t really account for decentralized services like the fediverse…