Base command platform GDPR compliance

Is there a GDPR compliance statement concerning the base command platform?

I think I understand how to handle the e-mail address & name of each user to avoid revealing personal information (by using an e-mail alias that is a generated string that has nothing to do with the user’s personal information and by using pseudonyms for the user names). However, I’m not clear what information is being sent in the NGC traffic, and the NGC CLI source code does not seem to include the complete source. Is it possible to get an SSLKEYLOG file so that the traffic can be inspected?