I would probably say no, based on the following statements.osTicket does not delete old data by itself, that you would have to configure yourself.osTicket does store personal data by default, but this can be altered to your business needs.If a user requests that all data about them gets deleted, you can do so by simply deleting the user account, there is however no proof provided by osTicket that it was deleted except a success message and that you shouldn't be able to find them.If a user requests all data about them, it would be a manual task, but the tool can print out a list of the tickets and then each ticket can be exported as a pdf manually. I don't think you can export the user profile data but you can probably just take a printscreen.Most of these problems can probably be solved by implementing some sql queries that you'd use if the need arise.That's what comes to mind for me but it's very vague to ask if osTicket is GDPR complaint, it's not like there's a certificate.