Yes. The EWP infrastructure itself only facilitates the exchange of data and does not handle any storage or processing of data. Each university is responsible for ensuring the informed consent of their students prior to exchanging their personal information with partner institutions through EWP. Further efforts involving the European Commission and National Authorities are underway to ensure the data minimisation is systematically applied to the EWP data dictionaries, which are based on the official templates set out by EU. The rules of GDPR do, however, apply to the EWP/Erasmus Dashboard because it stores data. More info here.