How do we handle GDPR compliance without IDFAs to request data deletion?

If you are using the Branch Data Subject Request API to send deletion requests associated with an IDFA, it will have lower efficacy since fewer users will allow tracking of the IDFA, which is the primary identifier for these requests. Instead, you’ll want to rely on IDFV where available, and consider shifting to using the SDK controls for disabling Branch functionality when a user requests an opt-out.