Our solutions are GDPR compliant and follow best practices such as the OWASP secure coding practices. We use IdentityServer which is an OpenID Connect and OAuth 2.0 framework for handling authentication and authorization.