This question is too vague. There are many ways to implement Gluu. In fact, there is no requirement that you store personal information in Gluu (for example in a machine-to-machine scenario). Also, with pairwise identifiers, you don't need to know anything. In any case, it's up to the implementor to consider the implications of GDPR when working on a deployment.