The full text of the law is for the regulators, not for armchair lawyers.

The ICO has produced a font of useful free guidance for getting compliant with the GDPR:

https://ico.org.uk/for-organisations/

That's what people should be reading.