Are Workspaces / Partitions required in order to be GDPR compliant?

Highlighted
Level 1

Are Workspaces / Partitions required in order to be GDPR compliant?

We have small regional teams that are not expected to be heavy users but may require Marketing User permission access at a date later on. It was recommended that we set up Workspaces / Partitions.

Do we fall out of compliance if non-EU users can create email programs / nurture streams from the same database that contains EU leads? Is this recommendation a requirement or a best practice?