Yes there is much debate and a lot of nonsense related to GDPR. Basically the new law says that when collecting personal data companies need to make it very clear what data they’re collecting and how they’re using it and to give the user full control over their data.
One use of personal data is email marketing. The avalanche of GDPR emails during the last weeks were trying to let you know what the new policy is and get you to agree on it. While in the past consent was implicit (if you don’t want our emails, unsubscribe) now GDPR requires explicit consent (if you want our emails, subscribe), but there are other legal basis for using personal data other than consent. For example, a company that sold you an FT-817 3 years ago might still email you about the new FT-818 even if they don’t have your explicit consent, on the basis of legitimate interest (we have legitimate reasons to think you might be interested in this). No matter what legal basis they use, they have to make it easy for the users to have their data removed (for example, unsubscribe from emails) if they want to.
There are many other uses for personal data (analytics, behavioural advertising, website optimisation, fulfilling orders, improving user experience, scanning for fraud etc) and some data can still be held on for a while even if you request to have it deleted.
I have been involved in the GDPR compliance process at my work place, but it’s mostly related to digital marketing. Not very familiar with how it affects apps, but the general principles should still apply. I’ve offered Jorg to host the RRT page and download on qrpblog.com and handle GDPR compliance.