In view of GDPR - different level of permission to access to contacts list

The Contacts list may contain information that should not be accessible to all users of Nextcloud according to the GDPR. Can users be locked out from access to the Contacts list? Or can there be different levels of access rights?


Following of the discussion in