Basically, I'm not interested in your personal information, and right now, I have no plans to collect personal information (nor do I want to.) The only bit of analytics I have plans to run is Google Analytics.
That being said, once the shop is up and running (which will be a separate site), the only personal information required will be whatever is needed to process digital orders. Any payment processing will be handled through Square (for donations/micro-payments), Stripe, PayPal, Google Pay, or Amazon Pay—I will not be storing credit card information. In other words, I won't be liable for payment information breaches as that will be handled by the vendors I listed above. My hope is to also pass off storing those physical addresses and names to 3rd party payment vendors, so that I'm only storing a username and email address on my end.
The GDPR is the reason why I've decided to go with WordPress. Most of the tools I need are already baked in.