I have been reading posts about this GDPR thing all over the internet. I can draw up a document saying how long I will keep your data (likely, forever as I never throw away past jobs - I build on them!) and my digital storage security measures (my computer also serves for private purposes, I don't think I am using normal email exchange such as gmail, I do back up on Dropbox when working on a project).
Now, if just stating these things black on white is enough, I'll get my pen... But if these things are not enough, I do not have the technical knowledge 'to comply'. Should I simply get a secured connection? How? Should I switch email provider? How do I backup in the cloud when working on a project? I am not installing videocameras in my home in case somebody steal my backup hard disk, FYI!
It is not clear whether the burden is on the freelancer even when the work is through an agency (as it happens a lot with translations). In which case it will be the agency to inform the end client that the work will be subcontracted and hence their sensitive data disclosed to the subcontractor.
I did a translation about GDPR and it was like taking a peak in a crazy world.
Namely, you have to inform users/clients when they use your online website (cookies are major factor), you have to inform job applicants, you have to inform even your own employees.