If you want to find out what GDPR really says, the best place to go is the source - https://gdpr.eu/
There are also many sites who offer you a general summary of the meaning of the law. They can be found using a standard web search engine.
My interpretation of the status of legal advice from any random person (on Discourse or elsewhere) is ‘caveat emptor’ (let the buyer beware). If you are running a system that contains EU sensitive personal information then only you (or your company) is responsible for complying with the law. If you get bad advice and follow it, it’s your neck on the chopping block if it proves to be wrong. As an example, imagine being stopped by the police for driving at 100mph in a 30mph limit. What do you imagine their response will be if you say ‘random person X told me I was ok to drive that fast on this road’. It’s your responsibility to be sure that any advice you’re given is correct. If you have a contract with random person X where they are supposed to give you legal advice on GDPR then even that’s not a defence. You would still have to have at least checked that the person was qualified to provide that advice.
Before I retired I was a Cybersecurity Manager. I spent too many long hours with our in-house legal counsel and GDPR coordinator discussing the vagaries of the law. That taught me enough to know that it can’t be summarised in a few words, nor can it really be properly considered by an outsider who doesn’t know your system or the exact data that’s included in it or who can access the data and for what reasons.