What is the best way to handle GDPR by business users in redshift?

Responding to Right to Be Forgotten (RTF) requests could involve multiple steps where data discoverability is a critical element. Specific to your use case, I think the newly launched service Amazon Datazone - https://aws.amazon.com/about-aws/whats-new/2023/03/aws-amazon-datazone-preview/, will be an useful option. Data stewards can be added to Datazone domain who can manage the business catalog and metadata glossary - https://docs.aws.amazon.com/datazone/latest/userguide/create-maintain-business-glossary.html. Authorization model using Datazone profiles and roles help streamlining access control across publishers and consumers of the data. - https://docs.aws.amazon.com/datazone/latest/userguide/security-authorization.html