Great message. What about Facebook and others civilisation diseases, ...
Then Syno Drive is also out of GDPR in a case when you use Drive for team collaboration within contractors. Because you lose control on the shared data when your contractor is using Drive desktop App and you will finish cooperation with him/her. If he/she had synced and is offline. And if that data contains GDPR-related information, then you have a problem. There isn't a galactic force to order him to destroy that data because you have no way to check it. Yes, legal papers. The reality is completely different.
It would be enough to have the data accessible with the obligation of synchronization in specified periods. Otherwise, they will be encrypted and decryption would be possible after obtaining the key. There is a possible way how to do it on the Win side - PowerShell script for the main shared folder defined during the installation of the Drive Desktop client App.