The GDPR can seem like a bit of a beast sometimes. Personally, as an EU citizen (for now, at least) I love it. My personal data has more protections than ever before.
As a web developer it’s something of an arse. But having spent a lot of time studying it I can safely say the purpose if it is pretty simple, you should only hold data you’ve told people you’ll keep – and you need a legitimate reason to have it.
So you shouldn’t be including a household income field on your local community group enquiry form. That’s probably pretty obvious.
But I still am seeing (and have client’s asking me to action) opt-in tick boxes for newsletters that are pre-ticked. You just can’t do that anymore. The legislation itself is a bit of a pig to read, but auto-ticked subscribe boxes are something they spell out very clearly.