"a guide & a general backgrounder/crash course on data protection law... primarily targeted at Mastodon instance owners ... and users, but much of the elements will likely also apply to other #fediverse services" by "an External Data Protection Consultant, researcher, and general buzzkill who focuses on helping organisations and individuals understand and comply with data protection laws... This is not, and should never be considered legal advice. More like a helpful guide".
After establishing that GDPR does apply to you as an instance admin, it sets out the obligations. There are quite a few, but "given that regulators like the European Data Protection Supervisor and the Bavarian Data Protection Authority are both running Mastodon instances... big regulatory hammers are unlikely to fall ... at least for now"
More Stuff I Like
See also: Fediverse (Overview)