But, regardless of this specific incident, it reveals that WordPress.org has no meaningful GDPR compliance.

How so?