The main differences being:
* the GDPRUser type exposed all data
* the deleteUser would return a GDPRUser
Without the GDPR types all of this functionality is still there and people
with the same authorization are still able to do exactly the same thing.
It is up to the clients making the queries to specify which data
they want to have returned.
/cc @Bouncey
No test were harmed while creating this PR.