The UK's ICO also has a good structured summary: https://ico.org.uk/for-organisations/guide-to-the-general-da...
In general I agree with the sentiments in this article. I've probably spent a total of three to four days reading around the GDPR and I don't really see what's special about this law other than it's imposing decent standards on what was in effect a wildly unregulated industry in people's personal data. If you have a broad distrust of any government activity then I suppose any new laws with "fines up to €X" might feel like "I run a small site on a Digital Ocean droplet and I'm at risk of a €2m fine out of the blue." But that doesn't make it true.
We are still waiting for the first court battles that will help determine how GDPR is actually enforced in practice. Until then, being in compliance with GDPR is gonna be like herding invisible cats, and it's likely well-intentioned people will get burned and OP ends up with major egg on his face within a year's time. I want to drink the EU koolaid as much as the next person, but that's just naive.
I'm wondering if this is yet another point where cultural differences are muddling the discussion. In particular, the difference between common law systems (like the USA) and civil law systems (like nearly all of the EU).
In civil law systems, the judge's interpretation matters much less than in common law systems. Mainly because everything is already codified into law.