A defect in requirements is still a defect.
I implemented GDPR for my company and there is nothing in GDPR that would prevent me from being able to tags indicating someone has DNA tested, manage IDs of test takers nor adding haplogroups to profiles.
The bulk of GDPR is about a person's ability to control their own data, especially if they want their data removed from a website.
All DNA testing companies allow for someone else to manage actual DNA test kits for someone else, allow someone to upload someone else's DNA kit, allow access to matches, etc. These companies all operate in the EU.
If someone has permission to manage someone else's actual DNA test kit, most often verified by only a checkmark indicating they have permission, then it makes no sense that information about DNA can't be managed by someone that has permission.
There are two types of scenarios here on WikiTree for living people:
1. A genealogist creates a profile for someone else and adds DNA data to that profile. The person that profile represents is not a member of WikiTree.
2. A member of WikiTree adds another member of WikiTree as a profile manager to help manage their profile and information, including DNA data.
Neither are prohibited by GDPR, but I could see WikiTree limiting #1 for other reasons. But to limit #2 makes no sense.
For example, if my son was a member of WIkiTree and if I want my son or someone else to manage my profile, including my DNA information, adding my son to my profile is my implicit permission to do so. If I don't want the data there, I can remove it myself, because I am a member. And as a member, I can also invoke the GDPR to ask that all my data be removed from WikiTree.
This bug is that the functionality of WikiTree no longer allows a profile manager to manage a profile of another member despite explicit permission given. This has nothing to do with GDPR.