As an end user I too would like to know the answer to this. It seems any product sold and used in the EU will need to provide facility for GDPR compliance.
From link below:
Whether you’re developing a theme or a plugin for a specific client project or for wider distribution, the regulations will apply if your code includes the facility to collect personal data.
https://premium.wpmudev.org/blog/gdpr-how-it-affects-wordpress-site-owners-and-developers/