Hi Dave,
That's a common misconception with GDPR and an area that the old Data Protection Act was fairly lax about. GDPR applies to ALL organisations, commercial or voluntary regardless of profit making status.
That said, the punitive costs that you see banded around are aimed at large companies that handle significant amounts of personal data beyond that which we as clubs would generally handle. I very much doubt that we will see a small organisation like a local club ever being fined the amounts being mentioned.
That said, even small organisations (our club has just 70 members) have a responsibility to comply with the act and ensure that data is held securely, processed properly, not passed on without informed and POSITIVE consent (e.g. if you publish a membership directory, you MUST ask members to agree to be in it as an opt-in, not an opt-out option)
Common sense applied will see the majority of clubs complying by default.
Paul.